PT-2025-27480 · Wing Ftp · Wing Ftp Server

Julien Ahrens

·

Published

2025-05-10

·

Updated

2026-04-03

·

CVE-2025-47812

CVSS v3.1

10

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Wing FTP Server versions prior to 7.4.4
Description: Wing FTP Server is affected by a critical unauthenticated remote code execution (RCE) vulnerability (CVE-2025-47812) caused by improper handling of null bytes ('\0') in the web interfaces. The username submitted to the loginok.html endpoint is cut off at the null byte when the credentials are checked, but written in full into the user's Lua session file, so everything after the null byte is injected as Lua code and executes when the session is loaded, with the privileges of the FTP service (root or SYSTEM by default). Any account that can log in is sufficient, including anonymous FTP accounts where they are enabled. Active exploitation has been observed, with attackers obtaining root/SYSTEM access, scanning the compromised systems and installing malware. Over 8,100 systems are estimated to be exposed, including those belonging to the U.S. Air Force and Airbus.
Recommendations: Update Wing FTP Server to version 7.4.4 or later. Until the update is applied, disable anonymous logins and restrict network access to the web interface. Because exploitation is already in the wild, an instance that was exposed while vulnerable should have its session files checked for injected Lua and be treated as potentially compromised.
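The null-byte mismatch behind this bug, as an added illustration in Python that is not Wing FTP's own code: the credential check sees a C-style string that ends at the first NUL, while the session writer emits the whole submitted value into a Lua source file. The session-file layout (`username = "..."` lines), the user table and the IP address are assumptions made for the example. The hardened variant rejects the raw value before any check and quotes what it writes; the last function is a check that can be pointed at real session files to spot a smuggled payload, once its line pattern is adapted to the actual file layout.

```python
import re
from typing import Dict, List, Optional

NUL = "\x00"

# Constructed user table for the example: None means "any password accepted" (anonymous).
USERS: Dict[str, Optional[str]] = {"anonymous": None, "alice": "s3cret"}


def as_c_string(s: str) -> str:
    """Mimic C string handling: nothing after the first NUL byte is visible."""
    i = s.find(NUL)
    return s if i < 0 else s[:i]


def credentials_ok(name: str, password: str, users: Dict[str, Optional[str]]) -> bool:
    if name not in users:
        return False
    return users[name] is None or users[name] == password


def vulnerable_session(username: str, password: str, users=USERS) -> Optional[str]:
    """Assumed shape of the flaw: the check runs on the NUL-truncated name, while
    the session file (Lua source) receives the raw, untruncated value unescaped."""
    if not credentials_ok(as_c_string(username), password, users):
        return None
    return 'username = "%s"\nip = "10.0.0.5"\n' % username  # injectable


def lua_quote(s: str) -> str:
    """Emit s as a Lua double-quoted literal; backslash, quote and every control
    byte (NUL included) are escaped so the value can never close the literal."""
    out = []
    for ch in s:
        if ch in '\\"':
            out.append("\\" + ch)
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append("\\%03d" % ord(ch))
        else:
            out.append(ch)
    return '"' + "".join(out) + '"'


USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def hardened_session(username: str, password: str, users=USERS) -> Optional[str]:
    """Reject the raw value first so only one view of the name exists anywhere,
    then quote everything written into the Lua file."""
    if NUL in username or not USERNAME_RE.fullmatch(username):
        return None
    if not credentials_ok(username, password, users):
        return None
    return "username = %s\nip = %s\n" % (lua_quote(username), lua_quote("10.0.0.5"))


# A benign session line (assumed layout) is exactly: identifier, " = ", one quoted
# string with no raw control bytes, and nothing after the closing quote.
SESSION_LINE = re.compile(r'^[A-Za-z_]\w* = "(?:[^"\\\x00-\x1f]|\\[^\x00-\x1f])*"$')


def suspicious_lines(session_text: str) -> List[str]:
    """Lines of a session file that are not a plain key = "value" assignment.
    A username that smuggled Lua past the closing quote always breaks this shape."""
    return [ln for ln in session_text.splitlines()
            if ln.strip() and not SESSION_LINE.match(ln)]


if __name__ == "__main__":
    # Constructed payload: valid name before the NUL, Lua after it.
    payload = 'anonymous\x00"; os.execute("id") --'
    print("vulnerable:", repr(vulnerable_session(payload, "x")))
    print("hardened:  ", repr(hardened_session(payload, "x")))
    print("flagged:   ", suspicious_lines(vulnerable_session(payload, "x") or ""))
```

The detection regex is deliberately strict rather than signature-based: it does not look for `os.execute` or `io.popen`, it flags any line that is not a single well-formed quoted assignment, so a payload using any Lua construct is caught. Adjust `SESSION_LINE` to the real key names and value forms found in a clean session directory before running it over production files.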

Exploit

Fix

RCE

Generation of Error Message Containing Sensitive Information


Weakness Enumeration

Related Identifiers

BDU:2025-08471
BDU:2025-08716
CVE-2025-47812

Affected Products

Wing Ftp Server