Lyrie
Critical CVE
CVSS 9.83 sources verified·1 min read
By Lyrie Threat Intelligence·4/27/2026

CRITICAL: CVE-2018-25254 (CVSS 9.8) — nico-ftp project nico-ftp

CVE: CVE-2018-25254

CVSS: 9.8 (3.1) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL

Status: Critical advisory

Affected

  • nico-ftp project nico-ftp

Summary

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and redirect execution to injected shellcode.

Verified Sources

References

  • https://en.softonic.com/download/nico-ftp/windows/post-download
  • https://www.exploit-db.com/exploits/45442
  • https://www.vulncheck.com/advisories/nico-ftp-buffer-overflow-seh

_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._

Lyrie Verdict

A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.

#nico-ftp#critical

Validated sources

  1. [1]NVD
  2. [2]GitHub Advisory
  3. [3]MITRE