Active Exploitation of Critical Vulnerability in Wing FTP Server

CVE-2025-47812 could lead to unauthenticated remote code execution

Threat ID:: CC-4680
Threat Severity:: Medium
Published:: 11 July 2025 11:33 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

CVE-2025-47812 could lead to unauthenticated remote code execution

Affected platforms

The following platforms are known to be affected:

Versions: All prior to 7.4.4

Wing FTP Server

Threat details

Active Exploitation of CVE-2025-47812

Security researchers have reported CVE-2025-47812 has been exploited in-the-wild. NHS England National CSOC assesses further exploitation as highly likely.

Introduction

Wing FTP released an update on 14 May 2025 to address a critical vulnerability in Wing FTP Server. Security researchers report CVE-2025-47812 is under active exploitation.

CVE-2025-47812 - Wing FTP Server Remote Code Execution Vulnerability - CVSSv3 score: 10.0

Remediation advice

Affected organisations are encouraged to review the Wing FTP Server Release note released 14 May 2025 and apply the latest update.

Definitive source of threat updates

CVE Vulnerabilities

Status Published

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.

Last edited: 11 July 2025 11:33 am