PT-2025-27485 · Unknown · Wing Ftp Server

Julien Ahrens · Published 2025-05-10 · Updated 2025-07-15 · CVE-2025-47811

CVSS v3.1: 6.6 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Wing FTP Server versions through 7.4.4
Description: The administrative web interface (listening by default on port 5466) runs with elevated privileges (root or SYSTEM) by default. The web application provides methods to execute arbitrary system commands, which are automatically executed with these high privileges. This situation may lead to privilege escalation, as administrative users of the web interface are not necessarily system administrators.
Recommendations: Versions prior to 7.4.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2025-09362
CVE-2025-47811

Affected Products

Wing Ftp Server