Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Exploited in the Wild

satria adhi pradana

CVE-2025-47812 is a critical Wing FTP Server vulnerability that is being actively exploited in the wild. This article explains how the flaw works, what attackers have been observed doing with it, and how to protect affected servers by applying the latest patch.

A critical vulnerability affecting Wing FTP Server is currently being actively exploited by malicious actors, according to cybersecurity firm Huntress. The flaw, tracked as CVE-2025-47812 and carrying the maximum CVSS score of 10.0, poses a serious threat because it allows unauthenticated remote code execution.

What is CVE-2025-47812?

CVE-2025-47812 is a critical security flaw caused by improper handling of null bytes ('\0') in the username parameter of the server's web login handler. The authentication check only sees the username up to the null byte, but the full, untruncated value is written into the user's Lua session file. When the server later loads that session file, anything placed after the null byte is executed as Lua code, giving the attacker remote code execution with the privileges of the FTP service, typically root on Linux or SYSTEM on Windows.
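The mechanism above is easy to see in a small model. The following Python is an added illustration of the bug class, not Wing FTP Server's code: the session-file layout (one Lua assignment per field), the user table and the `vulnerable_session`/`hardened_session` names are all assumptions made for the example. The vulnerable path authenticates on the C-string view of the username (the bytes before the first NUL) but serializes the complete raw value into Lua source; the hardened path rejects control bytes before authentication and escapes the value so it can never break out of the string literal.

```python
from typing import Optional

# Added model of the CVE-2025-47812 bug class; this is not Wing FTP Server's
# code, and the session-file layout (one Lua assignment per field) is assumed.
# The login handler authenticates on the C-string view of the username (bytes
# before the first NUL) but serializes the full raw value into a Lua file that
# the server later executes when the session is loaded.

# Constructed user table: anonymous login enabled, plus one user whose name
# contains a quote to exercise the escaping path.
VALID_USERS = {"anonymous": "", 'o"brien': "pw"}


def c_string(value: str) -> str:
    """Emulate a C strcmp-style view: the string ends at the first NUL byte."""
    return value.split("\0", 1)[0]


def vulnerable_session(username: str, password: str) -> Optional[str]:
    """Check credentials on the truncated name, then write the untruncated one."""
    if VALID_USERS.get(c_string(username)) != password:
        return None
    # Raw value dropped into Lua source with no escaping: everything after the
    # NUL, including a closing quote and new statements, becomes live code.
    return f'username = "{username}"\n'


def hardened_session(username: str, password: str) -> Optional[str]:
    """Reject control bytes before authentication and quote the value as Lua."""
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in username):
        return None
    if VALID_USERS.get(username) != password:
        return None
    # Lua %q-style escaping so the value can never terminate the literal.
    quoted = (username.replace("\\", "\\\\")
                      .replace('"', '\\"')
                      .replace("\n", "\\n")
                      .replace("\r", "\\r"))
    return f'username = "{quoted}"\n'


def demo() -> bool:
    """Constructed payload: valid name, NUL, then a quote and a Lua call."""
    payload = 'anonymous\0"; os.execute("id") --'
    vuln = vulnerable_session(payload, "")
    safe = hardened_session(payload, "")
    # Vulnerable path authenticates and emits the injected call in the session
    # file; the hardened path refuses the login outright.
    return vuln is not None and "os.execute" in vuln and safe is None


if __name__ == "__main__":
    print("vulnerable session file:", repr(vulnerable_session('anonymous\0"; os.execute("id") --', "")))
    print("hardened rejects payload:", hardened_session('anonymous\0"; os.execute("id") --', "") is None)
```

The two fixes in `hardened_session` are independent and both matter: rejecting control bytes closes the truncation mismatch between the credential check and the serializer, while escaping closes quote injection for any value that does reach the file.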

The issue was fixed in Wing FTP Server version 7.4.4, and administrators are strongly urged to update immediately. Where patching cannot happen right away, disable anonymous logins and restrict network access to the web interface, since both reduce the reachable attack surface until the update is applied.

Exploitable Without Authentication

What makes this vulnerability particularly dangerous is that it can be exploited through the server's anonymous FTP account where one is enabled, so an attacker needs no stolen credentials to reach the vulnerable code path.

A full technical breakdown of the issue was published in late June 2025 by security researcher Julien Ahrens of RCE Security, which drew widespread attention to the flaw.

How Attackers Are Exploiting It

According to Huntress, threat actors have already been observed exploiting this vulnerability to:

  • Download and execute malicious Lua scripts
  • Perform system reconnaissance
  • Attempt to install remote monitoring software
  • Create new FTP users for persistence
  • Drop a payload for installing ScreenConnect

Although the installation of the remote access software was intercepted before it completed, the first signs of exploitation were observed on July 1, 2025, just one day after the public disclosure.
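Because the injected Lua lands in session files the server itself writes, those files are a natural place to hunt for the activity described above. The following Python is an added hunting helper, not code from Huntress or Wing FTP. It assumes that a session file legitimately written by the server contains only simple Lua assignments of literal values, so raw NUL bytes or calls into `os`, `io`, `load` and friends indicate injected code; the sample files, the function names and the location of the session directory are all constructed or assumed for the example.

```python
import re
from pathlib import Path
from typing import Dict, List

# Added hunting helper; not from Huntress or Wing FTP. It assumes that a
# session file legitimately written by the server contains only simple Lua
# assignments of literal values, so raw NUL bytes or calls into os/io/load
# inside the session directory indicate injected code.

# Lua calls that have no business in a server-written session file.
SUSPICIOUS_CALLS = [
    "os.execute", "io.popen", "io.open", "loadstring", "loadfile",
    "dofile", "require", "package.loadlib",
]
CALL_RE = re.compile(
    rb"\b(" + b"|".join(re.escape(c.encode()) for c in SUSPICIOUS_CALLS) + rb")\s*\("
)
LOAD_RE = re.compile(rb"(?<![\w.])load\s*\(")   # bare load(...)

# Constructed samples standing in for files under the session directory.
SAMPLE_SESSIONS: Dict[str, bytes] = {
    "a1.lua": b'username = "alice"\nlastip = "10.0.0.5"\n',
    "b2.lua": b'username = "anonymous\x00"; local h = io.popen("id") --"\n',
    "c3.lua": b'username = "bob"\nos.execute("id")\n',
}


def scan_session(name: str, data: bytes) -> List[str]:
    """Return the reasons a session file looks tampered with (empty if clean)."""
    reasons: List[str] = []
    if b"\x00" in data:
        reasons.append("nul-byte")
    for m in CALL_RE.finditer(data):
        reasons.append("lua-call:" + m.group(1).decode())
    if LOAD_RE.search(data):
        reasons.append("lua-call:load")
    return reasons


def scan_all(sessions: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map each flagged file name to its reasons; clean files are omitted."""
    hits: Dict[str, List[str]] = {}
    for name, data in sessions.items():
        reasons = scan_session(name, data)
        if reasons:
            hits[name] = reasons
    return hits


def scan_directory(session_dir: str) -> Dict[str, List[str]]:
    """Scan every .lua file in a real session directory.

    The directory path is an assumption; point it at the session folder
    under your Wing FTP installation.
    """
    files = {p.name: p.read_bytes() for p in Path(session_dir).glob("*.lua")}
    return scan_all(files)


if __name__ == "__main__":
    for fname, why in scan_all(SAMPLE_SESSIONS).items():
        print(f"{fname}: {', '.join(why)}")
```

A hit on a NUL byte alone is already a strong signal, since a well-formed login never produces one; the call-name matches are there to catch injected code in servers that were exploited before the attacker cleaned up and to give the responder something to pivot on (the command that was run, the user that was added).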

Over 8,000 Servers Exposed

Data from Censys shows 8,103 publicly accessible Wing FTP servers, 5,004 of which expose their web interface. The highest concentrations are in the United States, China, Germany, the United Kingdom, and India. These figures measure exposure rather than confirmed vulnerability: they do not distinguish instances already updated to 7.4.4 from those still running an affected version.
