
Tainan Branch, Administrative Enforcement Agency, Ministry of Justice


Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild

  • Last updated: 2025-08-20

A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress.

The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface, which allows for remote code execution. It has been addressed in version 7.4.4.

"The user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files," according to an advisory for the flaw on CVE.org. "This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default)."
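One common way '\0' bytes get mishandled, shown as an added example that is not Wing FTP Server code and does not come from the advisory: a check written against a C string stops at the first '\0', while a length-aware writer keeps every byte of the field. The function names, the allow-list policy and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Allow-list for one byte of a name (assumed policy: [A-Za-z0-9_]). */
static bool byte_ok(char c) {
    return isalnum((unsigned char)c) || c == '_';
}

/* Weak form: treats the field as a C string, so strlen() stops at the
   first '\0' and everything after it is never inspected. */
static bool name_ok_cstring(const char *field, size_t len) {
    (void)len;                       /* the defect: real length ignored */
    size_t n = strlen(field);
    if (n == 0 || n > 64) return false;
    for (size_t i = 0; i < n; i++)
        if (!byte_ok(field[i])) return false;
    return true;
}

/* Hardened form: checks every byte that will later be stored, and
   rejects an embedded '\0' outright. */
static bool name_ok_counted(const char *field, size_t len) {
    if (len == 0 || len > 64) return false;
    if (memchr(field, '\0', len) != NULL) return false;
    for (size_t i = 0; i < len; i++)
        if (!byte_ok(field[i])) return false;
    return true;
}

/* Bytes after the first '\0': stored by a length-aware writer (such as
   a session serializer) but invisible to the C-string check. */
static size_t unchecked_tail(const char *field, size_t len) {
    const char *nul = memchr(field, '\0', len);
    return nul ? len - (size_t)(nul - field) - 1 : 0;
}

int main(void) {
    /* Constructed sample: valid 5-byte name, a NUL, 12 unvalidated bytes. */
    static const char field[] = "alice\0 not-a-name!";
    size_t len = sizeof field - 1;
    printf("cstring check: %d\n", name_ok_cstring(field, len));
    printf("counted check: %d\n", name_ok_counted(field, len));
    printf("unchecked tail: %zu bytes\n", unchecked_tail(field, len));
    return 0;
}
```

Any field that reaches a file the server later interprets should be validated over its full counted length, as `name_ok_counted` does, before it is either checked or written.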
