Platform
windows
Component
smartftp-client
Fixed in
9.0.2616
CVE-2018-25234 describes a denial-of-service (DoS) vulnerability within SmartFTP Client. An attacker can trigger an application crash by exploiting this flaw, potentially disrupting operations. This vulnerability specifically impacts version 9.0.2615.0 of the SmartFTP Client. A fix is available from the vendor.
The impact of CVE-2018-25234 is a denial of service. A successful exploit results in SmartFTP Client crashing, preventing users from transferring files. As with the other vulnerabilities, this is a local vulnerability, requiring an attacker to have access to the system running SmartFTP Client. The attack involves crafting a Host string exceeding the expected buffer size, triggering a buffer overflow. The blast radius is limited to the affected SmartFTP Client instance.
CVE-2018-25234 is not currently listed on KEV or EPSS. The CVSS score of 6.2 (MEDIUM) indicates a moderate probability of exploitation. Public proof-of-concept (POC) code is not widely available, but the vulnerability is relatively straightforward to exploit. The vulnerability was published on 2026-03-30 by the NVD.
Users who rely on SmartFTP Client version 9.0.2615.0, particularly those who grant local users access to configure connection settings, are at risk. Shared hosting environments where multiple users share the same instance of SmartFTP Client are also potentially vulnerable.
• windows / supply-chain:
Get-Process SmartFTP | Select-Object -ExpandProperty CPU -WarningAction SilentlyContinue
• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='SmartFTP Client']]]" -MaxEvents 10
• windows / supply-chain: Check Autoruns for suspicious entries related to SmartFTP Client.
EPSS
0.01% (3rd percentile)
The primary mitigation for CVE-2018-25234 is to upgrade to a patched version of SmartFTP Client. If upgrading is not immediately feasible, restrict user access to the connection settings to prevent malicious modification of the Host field. A Web Application Firewall (WAF) is unlikely to be effective in this scenario due to the local nature of the vulnerability. Monitoring system logs for unusual process terminations related to SmartFTP Client could provide early detection. There are no specific Sigma or YARA rules available for this vulnerability, but monitoring for crashes related to excessive Host lengths could be a useful indicator. After upgrading, confirm the fix by attempting to set an excessively long Host string; the application should not crash.
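The paragraph above recommends two defensive checks: confirming the installed build is at or above the fixed version, and watching system logs for SmartFTP Client crashes. The following PowerShell script is an added example that is not part of the advisory or of the vendor's tooling. It assumes the process is named SmartFTP (as in the Get-Process command listed on this page), takes the fixed build 9.0.2616 from the "Fixed in" field, and reads crash records from the Windows "Application Error" provider (Event ID 1000), whose first message field is the faulting application name.

```powershell
# Added example (not from the advisory or the vendor). Assumptions: process name
# "SmartFTP", fixed build 9.0.2616, and Windows "Application Error" event ID 1000
# as the crash record (Properties[0] = faulting application name).
param(
    [version]$FixedVersion = '9.0.2616',
    [int]$Days = 7
)

# 1. Version check: flag running SmartFTP instances older than the fixed build.
$procs = Get-Process -Name 'SmartFTP' -ErrorAction SilentlyContinue
foreach ($p in $procs) {
    if (-not $p.Path) { continue }   # path unreadable (e.g. access denied); skip
    try {
        $fv = [version](Get-Item $p.Path).VersionInfo.FileVersion
    } catch {
        Write-Warning "Cannot parse file version for $($p.Path)"; continue
    }
    $status = if ($fv -lt $FixedVersion) { 'VULNERABLE (older than fix)' } else { 'patched' }
    '{0} (PID {1}): {2} -> {3}' -f $p.Path, $p.Id, $fv, $status
}

# 2. Crash detection: Application Error events whose faulting application is SmartFTP.
#    Repeated entries here are the "unusual process terminations" the advisory suggests
#    monitoring; the exception code and faulting module help triage a crash.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -like 'SmartFTP*' } |
    Select-Object TimeCreated,
        @{ n = 'FaultingApp';    e = { $_.Properties[0].Value } },
        @{ n = 'AppVersion';     e = { $_.Properties[1].Value } },
        @{ n = 'FaultingModule'; e = { $_.Properties[3].Value } },
        @{ n = 'ExceptionCode';  e = { $_.Properties[6].Value } } |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session so that process paths and the Application log are readable. A version below 9.0.2616 combined with recent Application Error events for SmartFTP is the combination worth investigating; after the upgrade, the version check should report "patched" and no new crash events should appear for the client.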
Update SmartFTP Client to a version later than 9.0.2615.0. This prevents a local attacker from causing a denial of service by supplying an excessively long string in the Host field.
CVE-2018-25234 is a denial-of-service vulnerability in SmartFTP Client 9.0.2615.0 that allows a local attacker to crash the application by providing an excessively long string in the Host field.
If you are using SmartFTP Client version 9.0.2615.0, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade SmartFTP Client to a version with the vulnerability patched. Check the vendor's website for the latest version.
There is currently no public information indicating that CVE-2018-25234 is being actively exploited.
Please refer to the vendor's website for the official advisory regarding CVE-2018-25234.