High severityNVD Advisory· Published Jul 15, 2025· Updated Apr 15, 2026

CVE-2025-34107

Description

A buffer overflow vulnerability exists in the WinaXe FTP Client version 7.7 within the FTP banner parsing functionality, WCMDPA10.dll. When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible for parsing the banner overflows a stack buffer, leading to arbitrary code execution under the context of the user.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFFER-OVERFLOW.txtnvd
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/winaxe_server_ready.rbnvd
www.exploit-db.com/exploits/40767nvd
www.vulncheck.com/advisories/wina-xe-ftp-client-remote-buffer-overflownvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.059
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000