Remote Code Execution Vulnerability in Wing FTP Server
CVE-2025-47812
Key Information:
- Vendor: Wftpserver
- CVE Published: 10 July 2025
What is CVE-2025-47812?
CVE-2025-47812 is a severe remote code execution vulnerability in Wing FTP Server, an application designed to facilitate file transfer over the Internet using FTP protocols. The vulnerability lies in the mishandling of the null byte ('\0') in both the user and admin web interfaces of versions preceding 7.4.4. As a result, attackers can inject arbitrary Lua code into user session files. This puts the integrity and confidentiality of the entire system in jeopardy, because it allows the execution of any command with the privileges of the FTP service, which typically runs at elevated system levels such as root or SYSTEM. The vulnerability can also be exploited through accounts with anonymous access, which further increases the risk of unauthorized access and control.
Potential impact of CVE-2025-47812
- Complete Server Compromise: The ability to execute arbitrary commands means that an attacker can gain full control over the server, potentially leading to unauthorized data access, modification, or deletion. This total compromise can severely damage an organization's operational continuity and reputation.
- Exploitation via Anonymous Accounts: The vulnerability can be exploited by users with anonymous FTP access, making it easier for threat actors to initiate attacks without needing valid credentials. This lowers the barrier to entry for exploitation and increases the vulnerability's potential impact.
- Risk of Data Breaches: Successful exploitation of this vulnerability can lead to significant data breaches, exposing sensitive organizational data or personally identifiable information (PII) to malicious actors. Such breaches could bring legal consequences, loss of customer trust, and financial liabilities.
CISA has reported CVE-2025-47812
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-47812 as being exploited, but CISA does not know it to be used in ransomware campaigns. This may change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Wing FTP Server: versions from 0 up to, but not including, 7.4.4
News Articles
Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box

Tasting the Exploit: HackerHood tests the Score 10 CVE-2025-47812 exploit on Wing FTP Server
Critical vulnerability in Wing FTP Server, CVE-2025-47812, allows remote code execution, urgent update needed.

Wing FTP Server Vulnerability Actively Exploited - 2000+ Servers Exposed Online
Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed.
EPSS Score
91% chance of being exploited in the next 30 days.
Timeline
- 🦅 CISA Reported
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- Vulnerability published
- 📰 First article discovered by Cyber Kendra
- Vulnerability Reserved