Auth bypass in ColoradoFTP Server
CVE-2025-34110
A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sani…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.506 (97.9th percentile)
Affected products
- ColoradoFTP Server — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/… (exploit)
- www.exploit-db.com/exploits/40231 (exploit)
- bitbucket.org/nolife/coloradoftp/commits/16a60c4a74ef477cd8c16ca82442eaab2fbe8c… (patch)
- www.vulncheck.com/advisories/colorado-ftp-server-path-traversal-information-dis… (third-party-advisory)
Frequently asked questions
- What is CVE-2025-34110?
- CVE-2025-34110 is a vulnerability in ColoradoFTP Server, classified under Path Traversal. Published 2025-07-15.
- Is CVE-2025-34110 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.