A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows that allows unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is caused by insufficient sanitization of user-supplied file paths in the FTP GET and PUT command handlers. It can be exploited by submitting traversal sequences in file paths during FTP operations, which gives access to sensitive system files. Only the Windows version of ColoradoFTP is affected.
"2026-04-12T15:36:24Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34110.json"
[
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"251145532788171280305768876642995824501",
"7093707141429545515907161534099995653",
"312538698378582257593424737016874255716"
]
},
"target": {
"file": "coloradoftp/plugins/xmlfs/src/main/java/com/coldcore/coloradoftp/plugin/xmlfs/resolver/GenericVirtualPathResolver.java"
},
"source": "https://bitbucket.org/nolife/coloradoftp@16a60c4a74ef477cd8c16ca82442eaab2fbe8c86",
"signature_type": "Line",
"id": "CVE-2025-34110-147b8826",
"deprecated": false
},
{
"signature_version": "v1",
"digest": {
"length": 597.0,
"function_hash": "30800469746312930370171075578529644280"
},
"target": {
"function": "fixVirtualParentRefs",
"file": "coloradoftp/plugins/xmlfs/src/main/java/com/coldcore/coloradoftp/plugin/xmlfs/resolver/GenericVirtualPathResolver.java"
},
"source": "https://bitbucket.org/nolife/coloradoftp@16a60c4a74ef477cd8c16ca82442eaab2fbe8c86",
"signature_type": "Function",
"id": "CVE-2025-34110-9048897e",
"deprecated": false
}
]