Description
A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP.
Published: 2025-07-15
Score: 9.3 Critical
EPSS: 50.6% High
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A directory traversal flaw in ColoradoFTP Server versions 1.3 Build 8 and earlier on Windows allows an unauthenticated FTP user to supply traversal sequences in the GET and PUT commands, leading to the ability to read, or even modify, any file outside the configured FTP root. The vulnerability stems from insufficient path validation (CWE‑22), lack of proper authorization checks (CWE‑306), and insufficient file permission handling (CWE‑552). An attacker could read system‑sensitive files such as configuration, credential stores, or program binaries, or alter critical system files to facilitate persistence or privilege escalation, thereby compromising confidentiality and integrity of the affected host. The impact is therefore full read/write access to arbitrary files on the server.

Affected Systems

ColoradoFTP Server running on Windows, version 1.3 Build 8 or earlier, is affected. The vulnerability applies only to the Windows distribution and affects any instance where the FTP service is exposed on a network without proper authentication or restrictions.

Risk and Exploitability

The CVSS score of 9.3, coupled with an EPSS score of 51%, indicates a highly critical risk and a high likelihood of exploitation in the wild. Although the vulnerability is not listed in CISA’s KEV catalog, public exploits exist, including a Metasploit auxiliary module that automates traversal of the FTP file system. The attack vector is unauthenticated network traffic: an attacker simply connects to the FTP service, issues a GET or PUT command with a traversal sequence, and receives an arbitrary file or writes to one. The lack of authentication and the server’s file‑write capabilities together enable attackers to compromise the host, elevate privileges, or persist malicious code, making this flaw a serious threat to any unpatched ColoradoFTP deployment.

Generated by OpenCVE AI on May 11, 2026 at 17:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ColoradoFTP Server on Windows to a version newer than 1.3 Build 8 that contains the patch for the traversal vulnerability
  • If an upgrade is not immediately possible, restrict the FTP root directory to a non‑privileged location and disable or tightly restrict the FTP PUT command to prevent unauthorized file writes
  • Block unauthenticated FTP access from external networks using firewall or VLAN segmentation and enforce authentication for all FTP clients

Generated by OpenCVE AI on May 11, 2026 at 17:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21436 A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP.
History

Thu, 05 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Trueconf
Trueconf server
CPEs cpe:2.3:a:trueconf:server:*:*:*:*:*:*:*:*
Vendors & Products Trueconf
Trueconf server

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00413}

Tue, 15 Jul 2025 14:30:00 +0000

Type Values Removed Values Added
References

Tue, 15 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 15 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
References

Tue, 15 Jul 2025 13:15:00 +0000

Type Values Removed Values Added
Description A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP.
Title ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure
Weaknesses CWE-22
CWE-306
CWE-552
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Trueconf Server
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-15T11:14:43.329Z

Reserved: 2025-04-15T19:15:22.560Z

Link: CVE-2025-34110

cve-icon Vulnrichment

Updated: 2025-07-15T13:44:47.466Z

cve-icon NVD

Status : Deferred

Published: 2025-07-15T13:15:30.833

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34110

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T17:30:15Z

Weaknesses