High severity8.4NVD Advisory· Published Mar 22, 2026· Updated Apr 3, 2026

CVE-2019-25619

Description

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.

Affected products

Ftpshell/Ftpshell Server
cpe:2.3:a:ftpshell:ftpshell_server:6.83:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46685nvdExploitThird Party AdvisoryVDB Entry
www.vulncheck.com/advisories/ftp-shell-server-buffer-overflow-via-account-namenvdThird Party Advisory
www.ftpshell.com/index.htmnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000