Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
Jul 11, 2025
Cyber Attack / Vulnerability
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface, which allows for remote code execution. It has been addressed in version 7.4.4. "The user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files," according to an advisory for the flaw on CVE.org. "This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default)." What makes it even more concerning is that the flaw can be exploited via anonymous FTP accounts. A comprehensive breakdown of the vulnerability entered the public domain towards the end of June 2025, courtesy of RCE Security researcher Julien Ahrens. Cybersecuri...
