CVE-2025-47812

Description

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.

CVSS v3.1 Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: Jul 14, 2025 Remediation due: Aug 4, 2025

Weakness Type (CWE)

CWE-158 CWE-158

Affected Products

Vendor	Product	Versions
wftpserver	wing_ftp_server	< 7.4.4

References

Exploits

https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild

Other References

https://www.vicarius.io/vsociety/posts/cve-2025-47812-detection-script-remote-code-execution-vulnerability-in-wing-ftp-server https://www.vicarius.io/vsociety/posts/cve-2025-47812-mitigation-script-remote-code-execution-vulnerability-in-wing-ftp-server https://www.wftpserver.com https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47812

Frequently Asked Questions

What is CVE-2025-47812? +

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts. It has a CVSS v3.1 base score of 10.0 (CRITICAL). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

How severe is CVE-2025-47812? +

CVE-2025-47812 has a CVSS v3.1 score of 10.0 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.

What products are affected by CVE-2025-47812? +

CVE-2025-47812 affects products from wftpserver, specifically: wing_ftp_server. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-47812? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-9648

A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By …

CVE-2025-14388 9.8

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up …

CVE-2025-55113 9.0

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support …

CVE-2025-66263 7.5

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, …

CVE-2025-1936 7.3

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when …

CVE-2024-10921 6.8

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted …