Description

A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP.

INFO

Published Date :

2025-07-15T13:01:10.712Z

Last Modified :

2026-04-07T14:09:37.008Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2025-34110 vulnerability.

Vendors Products
Trueconf
  • Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-34110.

URL Resource
https://bitbucket.org/nolife/coloradoftp/commits/16a60c4a74ef477cd8c16ca82442eaab2fbe8c86 cve-icon cve-icon
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/ftp/colorado_ftp_traversal.rb cve-icon cve-icon
https://www.exploit-db.com/exploits/40231 cve-icon cve-icon
https://www.vulncheck.com/advisories/colorado-ftp-server-path-traversal-information-disclosure cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability