CVE-2018-25254

CriticalPublic PoC

Published: 04 April 2026

Published

04 April 2026

Modified

27 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0032 55.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH…

pointers and redirect execution to injected shellcode.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Remediating the buffer overflow flaw in NICO-FTP by applying patches, updates, or removing the vulnerable software directly prevents exploitation of CVE-2018-25254.

SI-16 Memory Protection good match

prevent

Memory protection mechanisms like DEP, ASLR, and stack canaries mitigate SEH pointer overwrites and arbitrary code execution from the buffer overflow in NICO-FTP.

SI-10 Information Input Validation good match

prevent

Validating FTP command inputs for size and structure prevents oversized payloads from triggering the buffer overflow vulnerability in NICO-FTP response handlers.

Security SummaryAI

CVE-2018-25254 is a structured exception handler (SEH) buffer overflow vulnerability (CWE-787) in NICO-FTP version 3.0.1.19. The flaw resides in the FTP server component, where sending oversized data in response handlers triggers a buffer overflow, enabling attackers to overwrite SEH pointers.

Unauthenticated remote attackers can exploit this vulnerability over the network by connecting to the exposed FTP service and transmitting crafted FTP commands with oversized payloads. Successful exploitation allows redirection of execution flow to injected shellcode, resulting in arbitrary code execution on the target system. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its ease of exploitation and high impact.

References include an Exploit-DB entry (https://www.exploit-db.com/exploits/45442) providing a public proof-of-concept, a VulnCheck advisory (https://www.vulncheck.com/advisories/nico-ftp-buffer-overflow-seh) detailing the SEH buffer overflow, and a Softonic download page (https://en.softonic.com/download/nico-ftp/windows/post-download). No patches or specific mitigations are described in the provided information.

Details

CWE(s): CWE-787

Affected Products

nico-ftp project

nico-ftp

≤ 3.0.1.19

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is a buffer overflow in a public-facing FTP server enabling unauthenticated remote code execution via crafted commands, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://en.softonic.com/download/nico-ftp/windows/post-download
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/45442
Exploit, VDB Entry · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/nico-ftp-buffer-overflow-seh
Third Party Advisory · disclosure@vulncheck.com