CVE-2025-47812
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into...
Basic Information
- CVE State: PUBLISHED
- Reserved Date: May 10, 2025
- Published Date: July 10, 2025
- Last Updated: July 17, 2025
- Vendor: wftpserver
- Product: Wing FTP Server
- Description: In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
- Tags
- Score: 83.38% (Percentile: 99.22%) as of 2025-07-16
- Exploitation: active
- Automatable: Yes
- Technical Impact: total
- Exploited in the Wild: Yes (2025-07-10 17:45:30 UTC) Source
nuclei_scanner
cisa
CVSS Scores
CVSS v3.1
10.0 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
Huntress Blog | 2025-07-10 17:45:23 UTC |
Recent Mentions
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
Source: TheHackerNews • Published: 2025-07-11 10:58:00 UTC
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress.
The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface, which allows for remote code execution. It has been addressed in version 7.4.4.
"The user and
CVE-2025-47812: Wing FTP Server Remote Code Execution Vulnerability Exploited in the Wild
Source: Arctic Wolf • Published: 2025-07-10 21:27:59 UTC
On July 10, 2025, a technical article was published by Huntress revealing that a maximum severity remote code execution vulnerability in Wing FTP Server, CVE-2025-47812, had been actively exploited by threat actors as early as July 1, 2025. Details of the vulnerability had originally been published on June 30, 2025, providing a comprehensive breakdown of ...
Wing FTP Server Remote Code Execution (CVE-2025-47812) Exploited in the Wild
Source: Huntress Blog • Published: 2025-07-10 05:00:00 UTC
Huntress discovered active exploitation of Wing FTP Server RCE (CVE-2025-47812). Learn more about the injection flaw, attack timeline, forensic artifacts, and how to protect your organization.
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-47812.yaml | 2025-07-10 18:00:21 UTC |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel
- Detected by Nuclei