Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Red Hat vsftpd: Remote Code Execution from Unauthenticated Users
RHSA-2026:4554
Summary
A security update is available for vsftpd on Red Hat systems. This update addresses a security weakness that could allow an attacker to execute arbitrary commands on a server without permission. Users should apply the update to their systems to prevent unauthorized access.
What to do
- Update redhat vsftpd to version 0:3.0.3-35.el8_8.1.
- Update redhat vsftpd-debuginfo to version 0:3.0.3-35.el8_8.1.
- Update redhat vsftpd-debugsource to version 0:3.0.3-35.el8_8.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | vsftpd | <= 0:3.0.3-35.el8_8.1 | 0:3.0.3-35.el8_8.1 |
| redhat | vsftpd-debuginfo | <= 0:3.0.3-35.el8_8.1 | 0:3.0.3-35.el8_8.1 |
| redhat | vsftpd-debugsource | <= 0:3.0.3-35.el8_8.1 | 0:3.0.3-35.el8_8.1 |
| redhat | vsftpd | <= 0:3.0.3-35.el8_8.1 | 0:3.0.3-35.el8_8.1 |
| redhat | vsftpd-debuginfo | <= 0:3.0.3-35.el8_8.1 | 0:3.0.3-35.el8_8.1 |
| redhat | vsftpd-debugsource | <= 0:3.0.3-35.el8_8.1 | 0:3.0.3-35.el8_8.1 |
Original title
Red Hat Security Advisory: vsftpd security update
osv CVSS3.1
6.5
- https://access.redhat.com/errata/RHSA-2026:4554 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#moderate Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2419826 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4554.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-14242 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-14242 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-14242 Vendor Advisory
Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026