CVE-2025-14242 - Vulnerability Details

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00123.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Red Hat

Red Hat Enterprise Linux 10

affected

Version	Status	Constraints
`0:3.0.5-10.el10_1.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 10.0 Extended Update Support

affected

Version	Status	Constraints
`0:3.0.5-9.el10_0.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:3.0.3-36.el8_10.3`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

affected

Version	Status	Constraints
`0:3.0.3-31.el8_2.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`0:3.0.3-33.el8_4.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

affected

Version	Status	Constraints
`0:3.0.3-33.el8_4.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`0:3.0.3-35.el8_6.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Telecommunications Update Service

affected

Version	Status	Constraints
`0:3.0.3-35.el8_6.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:3.0.3-35.el8_6.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Telecommunications Update Service

affected

Version	Status	Constraints
`0:3.0.3-35.el8_8.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:3.0.3-35.el8_8.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:3.0.5-6.el9_7.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:3.0.3-49.el9_0.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:3.0.5-4.el9_2.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.4 Extended Update Support

affected

Version	Status	Constraints
`0:3.0.5-5.el9_4.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.6 Extended Update Support

affected

Version	Status	Constraints
`0:3.0.5-6.el9_6.1`	unaffected	< *

Red Hat Red Hat Enterprise Linux 6 unknown —

Red Hat Red Hat Enterprise Linux 7 unknown —

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 10
vsftpd-0:3.0.5-10.el10_1.1	cpe:/o:redhat:enterprise_linux:10.1	RHSA-2026:0606	2026-01-14T00:00:00Z
Red Hat Enterprise Linux 8
vsftpd-0:3.0.3-36.el8_10.3	cpe:/a:redhat:enterprise_linux:8	RHSA-2026:0608	2026-01-14T00:00:00Z
Red Hat Enterprise Linux 9
vsftpd-0:3.0.5-6.el9_7.2	cpe:/a:redhat:enterprise_linux:9	RHSA-2026:0605	2026-01-14T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Redhat Subscribe	Enterprise Linux Subscribe Enterprise Linux Eus Subscribe Rhel Aus Subscribe Rhel E4s Subscribe Rhel Eus Subscribe Rhel Eus Long Life Subscribe Rhel Tus Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2026:0605
https://access.redhat.com/errata/RHSA-2026:0606
https://access.redhat.com/errata/RHSA-2026:0608
https://access.redhat.com/errata/RHSA-2026:4470
https://access.redhat.com/errata/RHSA-2026:4477
https://access.redhat.com/errata/RHSA-2026:4513
https://access.redhat.com/errata/RHSA-2026:4522
https://access.redhat.com/errata/RHSA-2026:4525
https://access.redhat.com/errata/RHSA-2026:4543
https://access.redhat.com/errata/RHSA-2026:4550
https://access.redhat.com/errata/RHSA-2026:4553
https://access.redhat.com/errata/RHSA-2026:4554
https://access.redhat.com/security/cve/CVE-2025-14242
https://bugzilla.redhat.com/show_bug.cgi?id=2419826
https://nvd.nist.gov/vuln/detail/CVE-2025-14242
https://www.cve.org/CVERecord?id=CVE-2025-14242

History

Mon, 16 Mar 2026 07:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux Eus
CPEs		cpe:/o:redhat:enterprise_linux_eus:10.0
Vendors & Products		Redhat enterprise Linux Eus
References		https://access.redhat.com/errata/RHSA-2026:4553

Mon, 16 Mar 2026 01:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
References		https://access.redhat.com/errata/RHSA-2026:4554

Fri, 13 Mar 2026 01:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream
References		https://access.redhat.com/errata/RHSA-2026:4543

Thu, 12 Mar 2026 23:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products		Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2026:4550

Thu, 12 Mar 2026 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.6::appstream
Vendors & Products		Redhat rhel E4s Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2026:4470 https://access.redhat.com/errata/RHSA-2026:4513 https://access.redhat.com/errata/RHSA-2026:4522 https://access.redhat.com/errata/RHSA-2026:4525

Thu, 12 Mar 2026 13:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Eus Long Life
CPEs		cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Vendors & Products		Redhat rhel Aus Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2026:4477

Thu, 15 Jan 2026 00:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9
References		https://nvd.nist.gov/vuln/detail/CVE-2025-14242 https://www.cve.org/CVERecord?id=CVE-2025-14242
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 14 Jan 2026 22:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:10~~	cpe:/o:redhat:enterprise_linux:10.1
References		https://access.redhat.com/errata/RHSA-2026:0606

Wed, 14 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream
References		https://access.redhat.com/errata/RHSA-2026:0605
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 14 Jan 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.
Title		Vsftpd: vsftpd: denial of service via integer overflow in ls command parameter parsing
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-190
CPEs		cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/errata/RHSA-2026:0608 https://access.redhat.com/security/cve/CVE-2025-14242 https://bugzilla.redhat.com/show_bug.cgi?id=2419826
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-01-14T15:23:03.708Z

Updated: 2026-03-16T06:08:03.740Z

Reserved: 2025-12-08T03:42:06.011Z

Link: CVE-2025-14242

Vulnrichment

Updated: 2026-01-14T15:31:29.842Z

NVD

Status : Awaiting Analysis

Published: 2026-01-14T16:15:55.967

Modified: 2026-03-16T14:17:55.277

Link: CVE-2025-14242

Redhat

Severity : Moderate

Publid Date: 2026-01-14T00:00:00Z

Links: CVE-2025-14242 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-190

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object