CNNVD-202507-2029 Information

CNNVD ID

CNNVD-202507-2029

CVE-2025-34110

  • CNNVD Published: 2025-07-15

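Description (translated from Chinese)

ColoradoFTP Server is an open-source Java FTP server from Colorado. ColoradoFTP Server 1.3 Build 8 contains a security vulnerability caused by improper sanitization of paths in the FTP GET and PUT commands, which may lead to directory traversal.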

Description (English)

ColoradoFTP Server is an open-source Java FTP server from Colorado. ColoradoFTP Server 1.3 Build 8 contains a security vulnerability that stems from improper sanitization of paths in the FTP GET and PUT commands, which may result in directory traversal.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Colorado

Published

2025-07-15

Last Modified

2026-02-24

References

  • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/ftp/colorado_ftp_traversal.rb
  • https://www.vulncheck.com/advisories/colorado-ftp-server-path-traversal-information-disclosure
  • https://bitbucket.org/nolife/coloradoftp/commits/16a60c4a74ef477cd8c16ca82442eaab2fbe8c86
  • https://www.exploit-db.com/exploits/40231
  • https://nvd.nist.gov/vuln/detail/CVE-2025-34110

Patch

https://bitbucket.org/nolife/coloradoftp/commits/16a60c4a74ef477cd8c16ca82442eaab2fbe8c86
