Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Solar FTP Server Denial-of-Service Vulnerability via Malformed USER Command

Vulnerability

A denial-of-service vulnerability has been identified in Solar FTP Server versions through 2.1.1. The server passes the argument of the USER command to a printf-style formatting routine as the format string instead of as data, so a username containing format specifiers such as %s causes the routine to dereference arbitrary stack values as pointers. This results in a read access violation in the sfsservice.exe process, which terminates the server and creates a DoS condition. Because USER is the first command of the login sequence, no credentials are required to trigger the crash.

Impact

Exploitation of this vulnerability causes the FTP server to crash, disrupting service availability.

Reproduction

The vulnerability can be reproduced by opening a TCP connection to the FTP server's port (21), waiting for the banner, and sending a USER command whose argument consists of format specifiers (for example a run of %s). A vulnerable server drops the connection instead of answering with the expected 331 reply, and sfsservice.exe stops listening until it is restarted. The Metasploit module available in the Exploit Database can automate this process. Run any such probe only against a lab instance you control, since a successful test takes the service down.

Remediation

Users are advised to upgrade to Solar FTP Server version 2.1.2 or later, where this vulnerability has been addressed. Until the upgrade is in place, restrict access to the FTP port (21) to trusted networks, since the crash is triggered by the unauthenticated USER command, and monitor the sfsservice.exe process so that an unexpected exit is noticed and the service restarted.

Added: Aug 20, 2025, 4:24 PM
Updated: Aug 20, 2025, 4:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 2.5
exploitability: 9.8
remediation: 7.7
relevance: 0.4
threat: 9.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.