254/68 Tuesday, July 15, 2025

Cybersecurity experts are warning of a critical vulnerability tracked as CVE-2025-47812, which has been actively exploited in the wild. The flaw affects Wing FTP Server software and carries the maximum CVSS severity score of 10.0. It allows unauthenticated remote code execution (RCE) with root or SYSTEM privileges. Alarmingly, exploitation began within 24 hours of the public release of technical details on June 30, 2025.
The vulnerability stems from unsafe handling of null byte characters (\0) in both the user and administrator interfaces. Attackers can inject malicious Lua code into a session file, which is executed automatically when the session is triggered, such as when browsing files via the web interface. Since Wing FTP Server executes commands with high-level privileges and lacks mitigations such as privilege dropping or sandboxing, successful exploitation can lead to full system compromise.
While the attack typically requires prior authentication, the risk significantly increases if anonymous FTP accounts are enabled. Reports from Huntress and Arctic Wolf confirm that attackers are deploying malware, remote access tools, and actively probing affected systems. Administrators are strongly urged to immediately update to Wing FTP Server version 7.4.4 or later to mitigate the risk and protect organizational systems and data from further compromise.