critical advisory

MiniFtp Buffer Overflow Vulnerability (CVE-2019-25611)

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function, allowing local attackers to execute arbitrary code by supplying oversized configuration values in the miniftpd.conf file.

The MiniFtp application is susceptible to a buffer overflow vulnerability, identified as CVE-2019-25611, within the parseconf_load_setting function. This flaw allows a local attacker to execute arbitrary code on the system. The vulnerability stems from insufficient bounds checking when loading configuration values from the miniftpd.conf file. By crafting a malicious configuration file with values exceeding 128 bytes, an attacker can overflow stack buffers, overwrite the return address, and…

Detection coverage (2)

Detect MiniFtp Configuration File Modification

medium

Detects modifications to the MiniFtp configuration file (miniftpd.conf), which could indicate an attempted buffer overflow attack.

sigma | tactics: privilege_escalation | techniques: T1068 | sources: file_event, linux

Detect MiniFtp Process Execution After Config Change

high

Detects execution of the MiniFtp process shortly after a modification to its configuration file, potentially indicating exploitation of CVE-2019-25611.

sigma | tactics: execution, privilege_escalation | techniques: T1059, T1068 | sources: process_creation, linux
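
When the configuration-file modification rule fires, the changed file can be checked for the condition the advisory describes. The script below is an added example, not part of the advisory, the platform's rules or the MiniFtp project; it assumes one key=value setting per line with # comment lines, takes the 128-byte figure from the description above as its threshold, and uses constructed setting names and sample input.

```python
"""Added example: flag oversized settings in a miniftpd.conf-style file."""
import sys

LIMIT = 128  # byte threshold taken from the advisory text


def oversized_settings(conf_bytes, limit=LIMIT):
    """Return (line_no, field, length) for each key or value longer than limit.

    Assumption: one `key=value` setting per line, `#` starts a comment line.
    Lengths are measured on raw bytes, since the overflow depends on byte
    count rather than character count.
    """
    findings = []
    for line_no, raw in enumerate(conf_bytes.split(b"\n"), start=1):
        line = raw.strip()  # also drops a trailing \r from CRLF files
        if not line or line.startswith(b"#"):
            continue
        key, sep, value = line.partition(b"=")
        if not sep:
            # No '=' present: report the whole token if it is oversized.
            if len(line) > limit:
                findings.append((line_no, "line", len(line)))
            continue
        for field, data in (("key", key.strip()), ("value", value.strip())):
            if len(data) > limit:
                findings.append((line_no, field, len(data)))
    return findings


# Constructed sample input with made-up setting names (not a captured file).
SAMPLE = (
    b"# constructed sample\n"
    b"example_port=21\n"
    b"example_path=" + b"A" * 300 + b"\n"
    b"example_max=100\r\n"
    b"example_banner=" + "\u00e9".encode("utf-8") * 70 + b"\n"  # 70 chars, 140 bytes
)

if __name__ == "__main__":
    # Usage: python check_conf.py /path/to/miniftpd.conf (falls back to SAMPLE)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for line_no, field, length in oversized_settings(data):
        print(f"line {line_no}: {field} is {length} bytes (limit {LIMIT})")
```

Any finding on a freshly modified miniftpd.conf is worth correlating with the process-execution rule before the file is loaded again.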
