Privilege Escalation in Wing FTP Server by Frustrated User
CVE-2025-47811

6.6 MEDIUM

Key Information:

Vendor: Wftpserver
CVE Published: 10 July 2025

Badges

📰 News Worthy

What is CVE-2025-47811?

In Wing FTP Server versions up to 7.4.4, the administrative web interface runs as the root or SYSTEM user by default. Authenticated users of that interface can therefore execute arbitrary system commands through legitimate features of the web application, such as the web console and the task scheduler. As a result, administrative users of the application, who may not hold system administration privileges on the host, can escalate their privileges. The vendor has indicated that this behavior is acceptable, which raises concerns about potential exploitation.

Affected Version(s)

Wing FTP Server: versions 0 through 7.4.4 (<= 7.4.4)

News Articles

Hackers are exploiting critical RCE flaw in Wing FTP Server

Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public.

4 weeks ago

Critical Zero-Day Vulnerability Grants Root Access to Wing FTP Servers Worldwide

A critical null-byte injection vulnerability in Wing FTP Server has been discovered that allows attackers to gain complete root access to affected systems, potentially compromising thousands of file transfer...

CVSS V3.1

Score: 6.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • 📰 First article discovered by Cyber Kendra

  • Vulnerability Reserved