Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2025-47812
PUBLISHED
1 day faster than CISA KEV
- Vendor: wftpserver
- Product: Wing FTP Server
- Published: Jul 10, 2025
- EPSS: 92.9% · 100% pctl
Description
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
Weaknesses (CWE)
- Improper Neutralization of Null Byte or NUL Character
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2026-06-01 10:36:56 UTC · CVE
References
- https://www.wftpserver.com
- https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
- https://www.vicarius.io/vsociety/posts/cve-2025-47812-mitigation-script-remote-code-execution-vulnerability-in-wing-ftp-server
- https://www.vicarius.io/vsociety/posts/cve-2025-47812-detection-script-remote-code-execution-vulnerability-in-wing-ftp-server
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CVE First | 2026-06-01 10:36 UTC |
| CISA | 2026-06-02 14:07 UTC |
| Daily CyberSecurity | 2026-06-09 07:20 UTC |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-47812.yaml | Jun 01, 2026 |
Recent mentions
Daily CyberSecurity · Jun 10, 2026
A critical Veeam Backup vulnerability threatens enterprise backup servers running older software versions. This severe flaw allows authenticated

The post Critical Veeam Backup Vulnerability Exposed appeared first on Daily CyberSecurity.

Related posts:
- CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution
- SAP’s July 2025 Patch Day Brings 27 New Notes, Multiple Critical RCE & Deserialization Flaws (CVSS 10.0)
- Critical Wing FTP Server RCE (CVE-2025-47812) Actively Exploited In The Wild
Daily CyberSecurity · Jun 09, 2026
Large-Scale Updates Protect Enterprise Infrastructure Assets

The security team managing the enterprise resource planning ecosystem released vital administrative

The post SAP Security Patch Day: Critical Security Vulnerabilities Remediated appeared first on Daily CyberSecurity.

Related posts:
- The Silent Leak: Critical 9.1 CVSS Spring Security Flaw Strips Away Vital HTTP Headers
- Critical Wing FTP Server RCE (CVE-2025-47812) Actively Exploited In The Wild
- Broadcom Addresses Critical Vulnerabilities in VMware ESXi, Workstation, and Fusion
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel
- Detected by Nuclei
- KEV confirmed by CISA
- KEV confirmed by Daily CyberSecurity