{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25611", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T13:21:28.506Z", "datePublished": "2026-03-22T13:38:44.675Z", "dateUpdated": "2026-03-23T19:11:13.237Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:44.675Z"}, "datePublic": "2019-04-11T00:00:00.000Z", "title": "MiniFtp parseconf_load_setting Buffer Overflow via Configuration", "descriptions": [{"lang": "en", "value": "MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "skyqinsc", "product": "MiniFtp", "versions": [{"version": "*", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46807", "name": "ExploitDB-46807", "tags": ["exploit"]}, {"url": "https://github.com/skyqinsc/MiniFtp", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: MiniFtp parseconf_load_setting Buffer Overflow via Configuration", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/miniftp-parseconf-load-setting-buffer-overflow-via-configuration"}], "credits": [{"lang": "en", "value": "strider", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T19:10:27.828490Z", "id": "CVE-2019-25611", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T19:11:13.237Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "MiniFtp parseconf_load_setting Buffer Overflow via Configuration", "credits": [{"lang": "en", "type": "finder", "value": "strider"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "skyqinsc", "product": "MiniFtp", "versions": [{"status": "affected", "version": "*"}]}], "datePublic": "2019-04-11T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46807", "name": "ExploitDB-46807", "tags": ["exploit"]}, {"url": "https://github.com/skyqinsc/MiniFtp", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/miniftp-parseconf-load-setting-buffer-overflow-via-configuration", "name": "VulnCheck Advisory: MiniFtp parseconf_load_setting Buffer Overflow via Configuration", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:44.675Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25611", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T19:10:27.828490Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-23T19:11:04.674Z"}}]}, "cveMetadata": {"cveId": "CVE-2019-25611", "state": "PUBLISHED", "dateUpdated": "2026-03-22T13:38:44.675Z", "dateReserved": "2026-03-22T13:21:28.506Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:44.675Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges."}, {"lang": "es", "value": "MiniFtp contiene una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n parseconf_load_setting que permite a atacantes locales ejecutar c\u00f3digo arbitrario al proporcionar valores de configuraci\u00f3n excesivamente grandes. Los atacantes pueden crear un archivo miniftpd.conf con valores que excedan los 128 bytes para desbordar los b\u00faferes de la pila y sobrescribir la direcci\u00f3n de retorno, lo que permite la ejecuci\u00f3n de c\u00f3digo con privilegios de root."}], "id": "CVE-2019-25611", "lastModified": "2026-04-16T16:19:50.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:29.360", "references": [{"source": "disclosure@vulncheck.com", "url": "https://github.com/skyqinsc/MiniFtp"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46807"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/miniftp-parseconf-load-setting-buffer-overflow-via-configuration"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MiniFtp", "source": "cna", "vendor": "skyqinsc"}, "product": "miniftp", "vendor": "skyqinsc"}], "analysis": {"en": {"generated_at": "2026-03-22T14:38:04.707170+00:00", "value": {"mitigation_remediation": ["Apply any vendor-released patch or upgrade MiniFtp to the latest available version", "Ensure that only privileged users can create or modify the miniftpd.conf file", "Restrict MiniFtp\u2019s network exposure and disable the service if it is not required", "Monitor system logs for anomalous activity related to MiniFtp", "If a patch is not available, consider removing or decommissioning MiniFtp from the environment"], "summary": {"action": "Patch Immediately", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The affected product is MiniFtp from SkyQinSC. No specific version range is listed in the advisory; version information is missing. Therefore, all versions of MiniFtp that still parse unfettered configuration files are potentially vulnerable.", "description_and_impact": "MiniFtp contains a buffer overflow in the parseconf_load_setting function that allows a local attacker to supply oversized configuration values exceeding 128 bytes. By crafting a malicious miniftpd.conf file, the attacker can overflow a stack buffer and overwrite the return address, leading to execution of arbitrary code with root privileges. The weakness is a classic stack-based buffer overflow (CWE-787). The impact enables the attacker to gain full control over the system running MiniFtp, compromising confidentiality, integrity, and availability. This attack requires local access to modify the configuration file, as the vulnerability is triggered only when the daemon parses the file during startup.", "risk_and_exploitability": "The CVSS score of 8.6 indicates high severity. EPSS data is unavailable, so the probability of exploitation in the wild cannot be quantified. The vulnerability has not been cataloged in CISA\u2019s KEV list. The likely attack vector is local, requiring the attacker to modify the configuration file before starting MiniFtp. Once exploited, the attacker achieves root-level code execution, which is a critical risk for any system where MiniFtp is in use."}}}}, "created": "2026-03-23T09:46:09.700862+00:00", "updated": "2026-03-25T14:46:05.412852+00:00", "vendors": ["skyqinsc", "skyqinsc$PRODUCT$miniftp"]}