CVE-2018-25254
NICO-FTP 3.0.1.19 Buffer Overflow SEH
Vexday Risk Score
48 · Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.3 · EPSS 0.9% · KEV no · Public PoC · Nuclei — · Metasploit — · Patch —
Lifecycle
04 Apr 2026: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and redirect execution to injected shellcode.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
nico-ftp · NICO-FTP
Public PoCs found: 1
cve_reference · www.exploit-db.com/exploits/45442 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.