CVE-2014-125114

High CVSS 8.4

Overview

A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger a buffer overflow during scheduled download parsing, potentially leading to arbitrary code execution or a crash.

CWE: CWE-20 Published: 2025-07-25T16:15:25.693

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.4 (HIGH)
Detected tags: buffer, rce (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags