CVE-2025-47812

Published Jul 10, 2025

Last updated 6 months ago

Exploit known
CVSS critical 10.0
Wing FTP Server
FTP
Port (21)

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server. The vulnerability arises because the application doesn't properly handle NULL bytes in usernames. By appending a NULL byte to the username, an attacker can bypass authentication and inject Lua code into session files. Specifically, when a user authenticates with a NULL-byte injected username, the server creates a new session ID and stores the NULL byte in the session variable. This allows an attacker to inject arbitrary Lua code, leading to remote code execution with root privileges on Linux systems and SYSTEM rights on Windows systems because the wftpserver runs with elevated privileges by default.

Description
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
Source
cve@mitre.org
NVD status
Analyzed
Products
wing_ftp_server

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
Exploit added on
Jul 14, 2025
Exploit action due
Aug 4, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

cve@mitre.org
CWE-158

Social media

Hype score
Not currently trending
  1. 🚨 AI surge = cyber surge for tech leaders! Patch Wing FTP NOW (CVE-2025-47812 RCE CVSS 10). Stryker hack disrupts healthcare. Banks: 1300% AI fraud jump. Nvidia $20B Groq deal, YC favors grit over Ivy. Innovate & defend! #AI #Cyber

    @cageyvdev

    3 Apr 2026

    143 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 📡Wing FTP Vulnerability → RCE Attack Chain Risk CVE-2025-47813 is actively exploited and added to CISA KEV. On its own, it exposes server paths, but the real risk appears when chained. Combined with CVE-2025-47812 (RCE): Exposure → Path Leak → RCE → Sy

    @CriminalIP_US

    25 Mar 2026

    218 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🎤 RadioCSIRT Ep.600 – Tuesday 17 March 2026 Four topics. Daily cyber watch. 🔴 Wing FTP Server – CVE-2025-47813 added to CISA's KEV catalog. Active exploitation confirmed. Information Disclosure exploitable in a chain with CVE-2025-47812, an RCE criti

    @marcfredericgo

    17 Mar 2026

    116 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CISA warns of active exploitation of Wing FTP Server vulnerabilities. CVE-2025-47813 and CVE-2025-47812 have been patched in version 7.4.4. https://t.co/Cns7divgRx #Security #CISA #CVE202547812 #CVE202547813 #FTP

    @Techzinenlbe

    17 Mar 2026

    142 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CISA warns of active exploitation of Wing FTP Server vulnerabilities. CVE-2025-47813 and CVE-2025-47812 have been patched in version 7.4.4. https://t.co/XDGbOCIrwx #Security #CISA #CVE202547812 #CVE202547813 #FTP - Follow for more

    @techzine

    17 Mar 2026

    75 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 CISA just added CVE-2025-47813 to the KEV catalog — Wing FTP is leaking server paths via an oversized UID cookie 🍪 Pair that with CVE-2025-47812 (CVSS 10.0 RCE) and you've got a spicy exploit chain 🔥 Patch to v7.4.4. Now. Yesterday. 🛠️ #InfoSec #CyberSecurity #W

    @archie_sham

    17 Mar 2026

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-47812 in IceWarp - Cibersafety https://t.co/uAbAUj3woF

    @escudata

    21 Feb 2026

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Just dropped our WingData 🦅💾 writeup here: https://kzs.m/ajpzyc Dive into the full exploitation chain: 🔹 Recon & Wing FTP Discovery 🔹 Lua Injection RCE (CVE-2025-47812) 🔹 Python Tarfile Filter Bypass (CVE-2025-4517) https://t.co/asLoSPN4ZO

    @1337Sheets

    16 Feb 2026

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), i... https://t.co/2jpphCTQB2

    @pedri77

    4 Feb 2026

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. What the NULL?! Pre-Auth Wing FTP Server RCE (CVE-2025-47812) https://t.co/7XG7Hb7SrD

    @reverseame

    20 Aug 2025

    1967 Impressions

    8 Retweets

    13 Likes

    6 Bookmarks

    2 Replies

    0 Quotes

  11. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild https://t.co/J1FGE5WpKy

    @ByteCheck101

    11 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. #VulnerabilityReport #CVE202547812 CVSS 10 RCE in Wing FTP Server (CVE-2025-47812) Allows Full Server Takeover, PoC Releases https://t.co/1tT68BvENC

    @Komodosec

    8 Aug 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Major breaches this week: • ToolShell (CVE-2025-53770) • CrushFTP (CVE-2025-54309) • CitrixBleed 2 (CVE-2025-5777) • McHire bot leak • Salt Typhoon • NoName057(16) • PoisonSeed • Wing FTP (CVE-2025-47812) Read more: https://t.co/na3lHAlIC0 #CyberSecurity #DataBrea

    @FireCompass

    31 Jul 2025

    97 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 CVE-2025-47812 Wing FTP Server allows RCE via null byte injection, leading to full server compromise. Exploited in the wild. 🔗 https://t.co/bnW1B52yO5 #CVE #RCE #Security #WingFTP #CyberSecurity #Exploit

    @r0otk3r

    27 Jul 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Wing FTP's recently discovered RCE vulnerability is being actively exploited On July 1, 2025, researchers at the cybersecurity company Huntress detected, aimed at exploiting the CVSS 10 severity remote code execution flaw identified as CVE-2025-47812, the first

    @linuxmint_hun

    24 Jul 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild #CISO https://t.co/2QM3So1mdO https://t.co/lMe3GhAyB7

    @compuchris

    24 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-47812 is a critical vulnerability stemming from multiple flaws in the user authentication and session management mechanisms of Wing FTP Server. This vulnerability is particularly severe because Wing FTP Server typically runs with root privileges on Linux systems or http

    @CyberPentestLab

    22 Jul 2025

    45 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild A recently disclosed maximum-sever 𝗝𝗼𝗶𝗻 𝗼𝘂𝗿 𝗧𝘄𝗶𝘁𝘁𝗲𝗿 𝗳𝗮𝗺𝗶𝗹𝘆. 𝗙𝗼𝗹𝗹𝗼𝘄 𝘂𝘀! @thehackersnews @edgeitech @edg

    @Edgeitech

    22 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-47812 In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files.. Github link: https://t.co/Ie6zT4xyEg

    @PoC_in_Github

    19 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. A critical vulnerability (CVE-2025-47812) has been discovered in Wing's FTP server software, potentially allowing remote attackers to take control of affected systems. This flaw is being actively exploited in the wild, posing a thre

    @Sh3lmiYotr

    18 Jul 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 Wing FTP Server RCE Alert (CVE-2025-47812) 🚨 Null byte injection = root/SYSTEM access! Affects versions < 7.4.4 on all platforms. Even anonymous users are a threat. Patch now! ⚠️ 🔗 https://t.co/z9V18PCy3c #CyberSecurity #SOCAlert https://t.co/fqL5vK6qbG

    @sequretek_sqtk

    18 Jul 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 Unauthenticated RCE in Wing FTP: CVE-2025-47812 allows attackers to execute arbitrary code as root or SYSTEM without logging in. A critical flaw with major impact, including full system compromise and lateral movement. Learn more and test your exposure with #NodeZero at htt

    @Horizon3ai

    17 Jul 2025

    1685 Impressions

    13 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  23. After doing some testing I can now publish my second exploit I have created an exploit for CVE-2025-47812 (For educational purposes only) https://t.co/DsrHU8Jyh8

    @blindma1den

    17 Jul 2025

    2758 Impressions

    11 Retweets

    92 Likes

    25 Bookmarks

    2 Replies

    0 Quotes

  24. Discover how a single NULL byte led to a full server takeover in Wing FTP Server. CVE-2025-47812 exposes a critical flaw in input handling that allowed unauthenticated remote code execution. . . . #CyberSecurity #WingFTP #RCE #CVE2025 #VulnerabilityAnalysis #PatchNow #Infosec htt

    @kratikal

    17 Jul 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. 📌 CISA adds Wing FTP Server flaw (CVE-2025-47812) to KEV catalog. Actively exploited. #CyberSecurity #CISA https://t.co/C8GEPPfuZT https://t.co/yVVfWGMePw

    @CyberHub_blog

    17 Jul 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild #CISO https://t.co/70mLmbSSEs https://t.co/z97Gh0EuJ0

    @compuchris

    17 Jul 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Looks like Wing FTP Server got winged. A juicy RCE vuln (CVE-2025-47812, CVSS 10/10) is being actively exploited. Some guys are injecting Lua code via null bytes like it’s a coding party. https://t.co/SpBm7vmizq

    @__h7u

    16 Jul 2025

    33 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🚨 CVE-2025-47812: RCE in Wing FTP Server (<7.4.4) lets attackers inject Lua code via null byte handling in session files—leads to root/SYSTEM takeover, even via anonymous FTP. ⚠️ In the wild | PoC on GitHub | EPSS: 83% ➡️ https://t.co/RUWxS4gco1 https://t.co/RX9

    @rapidriskradar

    16 Jul 2025

    9 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Hackers exploit critical Wing FTP flaw CVE-2025-47812 is a critical remote code execution flaw (CVSS 10) in Wing FTP Server, affecting all versions before 7.4.4. The vulnerability stems from improper handling of null bytes, allowing attackers to inject Lua code into session http

    @dCypherIO

    15 Jul 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. ⚠️Wing FTP server vulnerability ❗CVE-2025-47812 ➡️More info: https://t.co/8JwuofmpBK https://t.co/y7hk6vbtIy

    @CERTpy

    15 Jul 2025

    97 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. CVSS 10.0: Critical Vulnerability in Wing FTP Exposed Airbus and U.S. Air Force to Attacks #cve #rce #ftp Researchers from Huntress have detected active exploitation of the CVE-2025-47812 vulnerability in Wing FTP Server, which received the maximum severity score of CVSS 10.0 and

    @RedDogSecurity1

    15 Jul 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨 CVE-2025-47812: Wing FTP Server Remote Code Execution (RCE) vulnerability 🔥PoC : https://t.co/UAB7UneYwW 👉Dorks: HUNTER: https://t.co/G5LwnS1fm6="Wing FTP Server" https://t.co/RIsL6ELmrq

    @HackingTeam777

    15 Jul 2025

    485 Impressions

    1 Retweet

    3 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

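  33. A serious vulnerability (CVE-2025-47812) has been confirmed in Wing FTP Server, and actual attacks were observed the day after the technical details were published. The flaw has a CVSS score of 10.0 and enables unauthenticated remote code execution. The attack abuses null bytes and Lua code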

    @yousukezan

    14 Jul 2025

    616 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  34. 🚨🚨⚠️ALERT CVE-2025-47812 Wing FTP Server vulnerable to an RCE (CVSS 10.0). Active attacks since July 1, 2025! A critical flaw allows full remote control. Details #CyberSec #RCE #WingFTPServerImpact : data theft, malware (e.g. ScreenCon

    @JonathanAd12614

    14 Jul 2025

    15 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  35. 🛡️ CISA just added CVE-2025-47812 to its KEV Catalog, highlighting a serious flaw in Wing FTP Server. Time to patch up before your server gets more unwanted guests than a holiday party! #Cybersecurity #WindowsForum #StaySafe https://t.co/izV25oeixc

    @windowsforum

    14 Jul 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-47812 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability https://t.co/GhE9mi8MBR

    @ScyScan

    14 Jul 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🛡️We added Wing FTP Server improper neutralization of null byte or NUL character vulnerability CVE-2025-47812 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec

    @CISACyber

    14 Jul 2025

    6030 Impressions

    13 Retweets

    40 Likes

    3 Bookmarks

    1 Reply

    1 Quote

  38. A critical vulnerability in Wing FTP Server (CVE-2025-47812) is actively being exploited, allowing remote code execution with root access. Over 8,000 systems are exposed globally, indicating a severe risk for organizations using this software, particularly those in critical se...

    @CybrPulse

    14 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. 🚨Alert🚨 CVE-2025-47812 (CVSS score: 10.0): Wing FTP Server Remote Code Execution (RCE) vulnerability 🔥PoC :https://t.co/8obF5nbeUO 🧐Deep Dive :https://t.co/izWfVAgPxY 📊109K Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/ddoU0

    @HunterMapping

    14 Jul 2025

    3042 Impressions

    10 Retweets

    55 Likes

    37 Bookmarks

    1 Reply

    0 Quotes

  40. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited In The Wild - https://t.co/9IL91a8iRu #thn #infosec

    @mwyres

    14 Jul 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface. https://t.co/0F5d7o7GH5 https://t.co/U

    @riskigy

    14 Jul 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Hackers exploit CVE-2025-47812 in Wing FTP Server, allowing unauthenticated remote code execution via null byte and Lua injection, enabling user creation and root/SYSTEM code execution on versions 7.4.3 and earlier. #Security https://t.co/MmYv8s0yBN

    @Strivehawk

    13 Jul 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Critical Wing FTP server vulnerability is being exploited (CVE-2025-47812) Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) #HelpNetSecurity (Jul 11) https://t.co/ctKqvFKwYq

    @foxbook

    13 Jul 2025

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. CVE-2025-47812: In Wing FTP Server the user and admin web interfaces mishandle '\0' bytes, allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service https://t.co/XyaHVku9eW

    @ZeroDayFacts

    13 Jul 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Critical RCE Flaw in Wing FTP Server Actively Exploited by Hackers https://t.co/wUQgLDsZ5e #cve-2025-47812 #CybersecurityExploit #LuaScriptInjection #RceVulnerability

    @wizconsults

    13 Jul 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Hackers are exploiting a critical remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, with a devastating CVSS score of 10. This flaw allows attackers to gain full system privileges, and active exploitation began within days of the vulnerability being discl...

    @CybrPulse

    13 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  47. Active exploitation of CVE-2025-47812 in Wing FTP Server versions before 7.4.4 was detected on July 1, 2025, enabling remote code execution via null byte and Lua injection. Attackers attempted post-exploitation activities before being stopped. #Vulnerabi… https://t.co/U5S0RwqYN

    @TweetThreatNews

    13 Jul 2025

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Actively exploited CVE : CVE-2025-47812

    @transilienceai

    13 Jul 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  49. Critical vulnerability in Wing FTP servers allows remote command execution The CVE-2025-47812 vulnerability in Wing FTP servers was disclosed, which allows attackers to execute commands with root or system privileges. https://t.co/V4GODCfSQt

    @b3stpractices

    13 Jul 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

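  50. [Serious FTP server vulnerability] CVE-2025-47812 (CVSS 10.0) in Wing FTP Server is being actively exploited in the wild. It is a serious situation in which attackers began actual exploitation just one day after the technical details were published.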

    @nakajimeeee

    13 Jul 2025

    225 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations