Platform: windows
Component: smartftp-client
Fixed in: 9.0.2616
CVE-2018-25234 describes a denial-of-service (DoS) vulnerability within SmartFTP Client. An attacker can trigger an application crash by exploiting this flaw, potentially disrupting operations. This vulnerability specifically impacts version 9.0.2615.0 of the SmartFTP Client. A fix is available from the vendor.
This vulnerability allows a local attacker to crash the SmartFTP Client application. The attack is achieved by supplying an excessively long string, specifically a buffer of 300 repeated characters, into the Host connection parameter. While the attack is local, a successful crash can disrupt user workflows and potentially lead to data loss if unsaved files are present. The impact is primarily focused on application availability rather than data exfiltration, but repeated crashes could degrade system performance and frustrate users.
This CVE was published on 2026-03-30. There is no indication of active exploitation or KEV listing at this time. Public proof-of-concept exploits are not currently known. The vulnerability's local nature and relatively simple exploitation method suggest a low to medium probability of exploitation.
Exploit Status
EPSS: 0.01% (3% percentile)
The primary mitigation for CVE-2018-25234 is to upgrade SmartFTP Client to a patched version released by the vendor. If upgrading immediately is not feasible, consider restricting user access to the Host field to prevent malicious input. While a direct workaround isn't available, monitoring SmartFTP Client processes for unexpected crashes can provide early detection. After upgrading, confirm the fix by attempting to input a long string into the Host field and verifying that the application does not crash.
Update SmartFTP Client to a version later than 9.0.2615.0. This will prevent a local attacker from causing a denial of service by providing an excessively long string in the Host field.
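The version check and crash monitoring described above can be run together on a Windows host. The following PowerShell is an added example, not code from the vendor or from this advisory; the product display name, the executable name `SmartFTP.exe`, and the 7-day review window are assumptions.

```powershell
# Added example, not vendor code. Values marked "assumption" are not from the advisory.
$FixedVersion = [version]'9.0.2616'   # "Fixed in" build from this advisory
$NamePattern  = 'SmartFTP*'           # assumption: DisplayName of the installed product
$ImageName    = 'SmartFTP.exe'        # assumption: client executable name
$LookbackDays = 7                     # assumption: crash review window

# 1. Inventory: read uninstall entries (64-bit, 32-bit, per-user) and compare builds.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installs = foreach ($app in Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue) {
    if ($app.DisplayName -notlike $NamePattern) { continue }
    $parsed = $null
    $ok = [version]::TryParse([string]$app.DisplayVersion, [ref]$parsed)
    # An unparseable version is reported as Unknown rather than assumed safe.
    if (-not $ok) { $status = 'Unknown' }
    elseif ($parsed -lt $FixedVersion) { $status = 'Vulnerable' }
    else { $status = 'Patched' }
    [pscustomobject]@{
        Name    = $app.DisplayName
        Version = $app.DisplayVersion
        Status  = $status
    }
}

# 2. Detection: Application Error events (ID 1000) for the client in the window.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$LookbackDays)
}
$crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -ieq $ImageName } |
    Select-Object TimeCreated,
        @{ n = 'AppVersion';     e = { $_.Properties[1].Value } },
        @{ n = 'FaultingModule'; e = { $_.Properties[3].Value } },
        @{ n = 'ExceptionCode';  e = { $_.Properties[6].Value } })

# 3. Report: list findings and warn when an unpatched build is also crashing.
$installs | Format-Table -AutoSize
$crashes  | Format-Table -AutoSize
if (($installs.Status -contains 'Vulnerable') -and $crashes.Count -gt 0) {
    Write-Warning "Pre-$FixedVersion SmartFTP build installed and $($crashes.Count) crash event(s) logged."
}
```

A crash event alone does not confirm this CVE; treat it as a prompt to check the installed build and upgrade.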
CVE-2018-25234 is a denial-of-service vulnerability in SmartFTP Client 9.0.2615.0 that allows a local attacker to crash the application by providing an excessively long string in the Host field.
If you are using SmartFTP Client version 9.0.2615.0, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade SmartFTP Client to a version with the vulnerability patched. Check the vendor's website for the latest version.
There is currently no public information indicating that CVE-2018-25234 is being actively exploited.
Please refer to the vendor's website for the official advisory regarding CVE-2018-25234.