← Back to CVEs

CVE-2025-47812

CRITICALCISA KEV

10.0

Description

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.

CVE Details

CVSS v3.1 Score10.0

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published7/10/2025

Last Modified11/5/2025

Sourcekev

Honeypot Sightings0

CISA KEV

VendorWing FTP Server

ProductWing FTP Server

Vulnerability NameWing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

KEV Date Added2025-07-14

Remediation Due Date2025-08-04

Ransomware UseUnknown

Affected Products

wftpserver:wing_ftp_server

Weaknesses (CWE)

CWE-158

References

https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/(cve@mitre.org)

https://www.vicarius.io/vsociety/posts/cve-2025-47812-detection-script-remote-code-execution-vulnerability-in-wing-ftp-server(cve@mitre.org)

https://www.vicarius.io/vsociety/posts/cve-2025-47812-mitigation-script-remote-code-execution-vulnerability-in-wing-ftp-server(cve@mitre.org)

https://www.wftpserver.com(cve@mitre.org)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47812(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.