What is CVE-2012-10055?

CVE-2012-10055 is a vulnerability in Comsndftp Ftp Server, classified under Use of Externally-Controlled Format String. Published 2025-08-13.

Is CVE-2012-10055 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Comsndftp Ftp Server

CVE-2012-10055

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function…

EPSS: 0.589 (98.3th percentile) — read the EPSS interpretation.

Affected products

Comsndftp Ftp Server — versions 1.3.7 Beta

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
www.exploit-db.com/exploits/19024 (exploit)
www.exploit-db.com/exploits/19177 (exploit)
web.archive.org/web/20120317214524/http://ftp.comsnd.com/ (product)
www.vulncheck.com/advisories/comsndftp-user-format-string-rce (third-party-advisory)

Frequently asked questions

What is CVE-2012-10055?: CVE-2012-10055 is a vulnerability in Comsndftp Ftp Server, classified under Use of Externally-Controlled Format String. Published 2025-08-13.
Is CVE-2012-10055 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.