Remote Code Execution Vulnerability in Wing FTP Server
CVE-2025-47812

10 CRITICAL

Key Information:

Vendor: Wftpserver

CVE Published: 10 July 2025

Badges

📈 Score: 742 | 💰 Ransomware | 👾 Exploit Exists | 🟣 EPSS 91% | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2025-47812?

CVE-2025-47812 is a severe remote code execution vulnerability in Wing FTP Server, an application for transferring files over the Internet using FTP protocols. The flaw lies in the mishandling of the null byte ('\0') in both the user and admin web interfaces of versions before 7.4.4, which lets attackers inject arbitrary Lua code into user session files. This puts the integrity and confidentiality of the entire system at risk, because the injected code can run any command with the privileges of the FTP service, which typically runs at elevated levels such as root or SYSTEM. The vulnerability can also be exploited through accounts with anonymous access, which further increases the risk of unauthorized access and control.

Potential impact of CVE-2025-47812

  1. Complete Server Compromise: The ability to execute arbitrary commands means that an attacker can gain full control over the server, potentially leading to unauthorized data access, modification, or deletion. This total compromise can severely damage an organization's operational continuity and reputation.

  2. Exploitation via Anonymous Accounts: The vulnerability can be exploited by users with anonymous FTP access, making it easier for threat actors to initiate attacks without needing valid credentials. This lowers the barrier of entry for exploitation and increases the vulnerability's potential impact.

  3. Risk of Data Breaches: Successful exploitation of this vulnerability can lead to significant data breaches, exposing sensitive organizational data or personally identifiable information (PII) to malicious actors. The consequences of such breaches could include legal ramifications, loss of customer trust, and financial liabilities.

CISA has reported CVE-2025-47812

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-47812 as being exploited, but CISA does not know it to be used in ransomware campaigns. This may change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Wing FTP Server: versions from 0 up to, but not including, 7.4.4

News Articles

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box

3 weeks ago

Tasting the Exploit: HackerHood tests the Wing FTP Server exploit for CVE-2025-47812, rated Score 10

Critical vulnerability in Wing FTP Server, CVE-2025-47812, allows remote code execution, urgent update needed.

3 weeks ago

Wing FTP Server Vulnerability Actively Exploited - 2000+ Servers Exposed Online

Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed.

3 weeks ago

EPSS Score

91% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 🦅 CISA Reported

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • Vulnerability published

  • 📰 First article discovered by Cyber Kendra

  • Vulnerability Reserved
