CVE-2025-14242

Medium

Low Medium High Critical

6.5

CVSS Score

Published: Jan 14, 2026

Last Modified: Jan 14, 2026

Vulnerability Description

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Available Security Patches

3 patches available from vendors

View All Patches

Red Hat

RHSA-2026:0606

RHSA-2026:0606: vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing

Severity

Unknown

Released

Jan 14, 2026

Security Update

View Details Vendor Page

Red Hat

RHSA-2026:0608

RHSA-2026:0608: vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing

Severity

Unknown

Released

Jan 14, 2026

Security Update

View Details Vendor Page

Red Hat

RHSA-2026:0605

RHSA-2026:0605: vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing

Severity

Unknown

Released

Jan 14, 2026

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

Severity Details

6.5

out of 10.0

Medium

Key Information

Published Date: January 14, 2026

External Resources

NIST NVD

National Vulnerability Database

CVE Details

Detailed vulnerability info

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages

CVE-2025-14242

Vulnerability Description

CVSS Metrics

Available Security Patches

RHSA-2026:0606

RHSA-2026:0608

RHSA-2026:0605

References & Resources

Severity Details

Key Information

External Resources