CVE-2025-34110

A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP.

A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP.

Existe una vulnerabilidad de directory traversal en ColoradoFTP Server ? 1.3 Build 8 para Windows, que permite a atacantes no autenticados leer o escribir archivos arbitrarios fuera del directorio raíz FTP configurado. La falla se debe a una depuración insuficiente de las rutas de archivo proporcionadas por el usuario en los controladores de comandos FTP GET y PUT. Es posible explotarla enviando secuencias de navegación durante las operaciones FTP, lo que permite el acceso a archivos sensibles del sistema. Este problema afecta únicamente a la versión de ColoradoFTP para Windows.