PT-2025-27480 · Wing Ftp · Wing Ftp Server
Julien Ahrens · Published 2025-06-30 · Updated 2026-03-17 · CVE-2025-47812
CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Wing FTP Server versions prior to 7.4.4
Description
Wing FTP Server is vulnerable to a remote code execution (RCE) flaw due to improper handling of null bytes ('\0') in the web interface. This allows attackers to inject arbitrary Lua code into user session files, potentially leading to the execution of arbitrary system commands with FTP service privileges (root or SYSTEM by default). The vulnerability is exploitable even with anonymous FTP accounts. Active exploitation of this vulnerability has been observed in the wild, with attackers attempting to gain system-level access and install malicious software. Approximately 8,103 publicly accessible instances of Wing FTP Server are estimated to be vulnerable, with around 5,004 having a web interface exposed.
Recommendations
Wing FTP Server versions prior to 7.4.4 are vulnerable and should be updated to version 7.4.4 or later immediately.
Exploit
Fix
RCE
Affected Products
Wing Ftp Server