CVE-2019-25361

Ayukov · NFTP client

A buffer overflow in the Ayukov NFTP client's SYST command handling allows remote attackers to execute arbitrary code on the client machine via a crafted server response.

Executive summary

The Ayukov NFTP client is vulnerable to a critical buffer overflow that allows a malicious FTP server to execute arbitrary code on the connecting user's system.

Vulnerability

The client does not validate the length of the server's reply to the SYST command before copying it into a fixed-size buffer. An attacker who controls the server the client connects to can return an oversized SYST reply that overflows the buffer and, in the known proof-of-concept, starts a bind shell on port 5150 of the client machine.
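As an added illustration (not NFTP's own code, which this page does not show), here is a bounded parser for the single-line SYST reply of the kind the page says is missing: the reply text is copied only up to a fixed cap, so an oversized server response is truncated and flagged instead of overrunning the buffer. `SYST_TEXT_MAX`, `syst_reply_t` and `parse_syst_reply` are names assumed for this example; the sample replies in the test are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Maximum bytes of reply text kept for a SYST response (assumed cap chosen
 * for this example; a real client would pick its own). */
#define SYST_TEXT_MAX 128

typedef struct {
    int  code;                 /* three-digit FTP reply code, e.g. 215 */
    char text[SYST_TEXT_MAX];  /* NUL-terminated reply text, possibly truncated */
    int  truncated;            /* 1 if the server sent more text than we keep */
} syst_reply_t;

/* Parse one single-line FTP reply such as "215 UNIX Type: L8\r\n".
 * raw need not be NUL-terminated; raw_len is the number of bytes received.
 * Every copy is bounded by the destination size, so no reply length can
 * write past out->text. Returns 0 on success, -1 if the line is not a
 * well-formed single-line reply (multi-line "215-" replies are rejected). */
int parse_syst_reply(const char *raw, size_t raw_len, syst_reply_t *out)
{
    memset(out, 0, sizeof *out);

    /* A reply needs "NNN" plus the separating space. */
    if (raw_len < 4) return -1;
    for (size_t i = 0; i < 3; i++)
        if (!isdigit((unsigned char)raw[i])) return -1;
    if (raw[3] != ' ') return -1;
    out->code = (raw[0] - '0') * 100 + (raw[1] - '0') * 10 + (raw[2] - '0');

    /* Reply text runs from byte 4 to the end of the line; strip CR/LF. */
    size_t start = 4, end = raw_len;
    while (end > start && (raw[end - 1] == '\r' || raw[end - 1] == '\n'))
        end--;
    size_t len = end - start;

    /* The length check the vulnerable client lacks: clamp before copying. */
    if (len > SYST_TEXT_MAX - 1) {
        len = SYST_TEXT_MAX - 1;
        out->truncated = 1;
    }
    memcpy(out->text, raw + start, len);
    out->text[len] = '\0';
    return 0;
}
```

A client using this parser can treat `truncated == 1` as a hostile server and close the connection rather than continue.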

Business impact

Exploitation leads to a full compromise of the workstation running the NFTP client. This can result in the theft of sensitive local files, credential harvesting, or the installation of persistent malware. The CVSS score of 9.8 underscores the severe risk to the client system.

Remediation

Immediate Action: Update the NFTP client to a patched version or switch to a modern, secure FTP client that implements proper buffer management.

Proactive Monitoring: Monitor for unexpected network listeners on port 5150 and audit outgoing FTP connections to untrusted or unknown external servers.

Compensating Controls: Use endpoint detection and response (EDR) tooling to detect and block unauthorized shells spawned by the NFTP process and anomalous memory-write behaviour originating from it.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Client-side vulnerabilities are particularly dangerous because the victim initiates the connection to the attacker's server, so perimeter defenses that filter inbound traffic do not see the attack. Users should immediately stop using affected versions of the NFTP client and migrate to a secure alternative to prevent remote code execution.