CVE-2025-47812
Published Jul 10, 2025
Last updated 2 days ago
AI description
CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server. The vulnerability arises because the application doesn't properly handle NULL bytes in usernames. By appending a NULL byte to the username, an attacker can bypass authentication and inject Lua code into session files. Specifically, when a user authenticates with a NULL-byte injected username, the server creates a new session ID and stores the NULL byte in the session variable. This allows an attacker to inject arbitrary Lua code, leading to remote code execution with root privileges on Linux systems and SYSTEM rights on Windows systems because the wftpserver runs with elevated privileges by default.
- Description
- In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
- Exploit added on
- Jul 14, 2025
- Exploit action due
- Aug 4, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cve@mitre.org
- CWE-158
- Hype score
- Not currently trending
📌 CISA adds Wing FTP Server flaw (CVE-2025-47812) to KEV catalog. Actively exploited. #CyberSecurity #CISA https://t.co/C8GEPPfuZT https://t.co/yVVfWGMePw
@CyberHub_blog
17 Jul 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild #CISO https://t.co/70mLmbSSEs https://t.co/z97Gh0EuJ0
@compuchris
17 Jul 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Looks like Wing FTP Server got winged. A juicy RCE vuln (CVE-2025-47812, CVSS 10/10) is being actively exploited. Some guys are injecting Lua code via null bytes like it’s a coding party. https://t.co/SpBm7vmizq
@__h7u
16 Jul 2025
32 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-47812: RCE in Wing FTP Server (<7.4.4) lets attackers inject Lua code via null byte handling in session files—leads to root/SYSTEM takeover, even via anonymous FTP. ⚠️ In the wild | PoC on GitHub | EPSS: 83% ➡️ https://t.co/RUWxS4gco1 https://t.co/RX9
@rapidriskradar
16 Jul 2025
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Hackers exploit critical Wing FTP flaw CVE-2025-47812 is a critical remote code execution flaw (CVSS 10) in Wing FTP Server, affecting all versions before 7.4.4. The vulnerability stems from improper handling of null bytes, allowing attackers to inject Lua code into session http
@dCypherIO
15 Jul 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Wing FTP server vulnerability ❗CVE-2025-47812 ➡️More info: https://t.co/8JwuofmpBK https://t.co/y7hk6vbtIy
@CERTpy
15 Jul 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVSS 10.0: Critical Vulnerability in Wing FTP Exposed Airbus and U.S. Air Force to Attacks #cve #rce #ftp Researchers from Huntress have detected active exploitation of the CVE-2025-47812 vulnerability in Wing FTP Server, which received the maximum severity score of CVSS 10.0 and
@RedDogSecurity1
15 Jul 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-47812: Wing FTP Server Remote Code Execution (RCE) vulnerability 🔥PoC : https://t.co/UAB7UneYwW 👉Dorks: HUNTER: https://t.co/G5LwnS1fm6="Wing FTP Server" https://t.co/RIsL6ELmrq
@HackingTeam777
15 Jul 2025
485 Impressions
1 Retweet
3 Likes
3 Bookmarks
0 Replies
0 Quotes
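A serious vulnerability (CVE-2025-47812) has been confirmed in Wing FTP Server, and real-world attacks were observed the day after the technical details were published. The flaw has a CVSS score of 10.0 and allows unauthenticated remote code execution. The attacks abuse null bytes and Lua code…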
@yousukezan
14 Jul 2025
616 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
🚨🚨⚠️ALERT CVE-2025-47812 Wing FTP Server vulnerable to RCE (CVSS 10.0). Active attacks since 1 Jul 2025! A critical flaw allows full remote control. Details #CyberSec #RCE #WingFTPServer Impact: data theft, malware (e.g. ScreenCon
@JonathanAd12614
14 Jul 2025
15 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🛡️ CISA just added CVE-2025-47812 to its KEV Catalog, highlighting a serious flaw in Wing FTP Server. Time to patch up before your server gets more unwanted guests than a holiday party! #Cybersecurity #WindowsForum #StaySafe https://t.co/izV25oeixc
@windowsforum
14 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-47812 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability https://t.co/GhE9mi8MBR
@ScyScan
14 Jul 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️We added Wing FTP Server improper neutralization of null byte or NUL character vulnerability CVE-2025-47812 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
@CISACyber
14 Jul 2025
6030 Impressions
13 Retweets
40 Likes
3 Bookmarks
1 Reply
1 Quote
A critical vulnerability in Wing FTP Server (CVE-2025-47812) is actively being exploited, allowing remote code execution with root access. Over 8,000 systems are exposed globally, indicating a severe risk for organizations using this software, particularly those in critical se...
@CybrPulse
14 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨 CVE-2025-47812 (CVSS score: 10.0): Wing FTP Server Remote Code Execution (RCE) vulnerability 🔥PoC :https://t.co/8obF5nbeUO 🧐Deep Dive :https://t.co/izWfVAgPxY 📊109K Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/ddoU0
@HunterMapping
14 Jul 2025
3042 Impressions
10 Retweets
55 Likes
37 Bookmarks
1 Reply
0 Quotes
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited In The Wild - https://t.co/9IL91a8iRu #thn #infosec
@mwyres
14 Jul 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface. https://t.co/0F5d7o7GH5 https://t.co/U
@riskigy
14 Jul 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploit CVE-2025-47812 in Wing FTP Server, allowing unauthenticated remote code execution via null byte and Lua injection, enabling user creation and root/SYSTEM code execution on versions 7.4.3 and earlier. #Security https://t.co/MmYv8s0yBN
@Strivehawk
13 Jul 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Wing FTP server vulnerability exploited (CVE-2025-47812) Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) #HelpNetSecurity (Jul 11) https://t.co/ctKqvFKwYq
@foxbook
13 Jul 2025
136 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47812: In Wing FTP Server the user and admin web interfaces mishandle '\0' bytes, allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service https://t.co/XyaHVku9eW
@ZeroDayFacts
13 Jul 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical RCE Flaw in Wing FTP Server Actively Exploited by Hackers https://t.co/wUQgLDsZ5e #cve-2025-47812 #CybersecurityExploit #LuaScriptInjection #RceVulnerability
@wizconsults
13 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting a critical remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, with a devastating CVSS score of 10. This flaw allows attackers to gain full system privileges, and active exploitation began within days of the vulnerability being discl...
@CybrPulse
13 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Active exploitation of CVE-2025-47812 in Wing FTP Server versions before 7.4.4 was detected on July 1, 2025, enabling remote code execution via null byte and Lua injection. Attackers attempted post-exploitation activities before being stopped. #Vulnerabi… https://t.co/U5S0RwqYN
@TweetThreatNews
13 Jul 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-47812
@transilienceai
13 Jul 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical vulnerability in Wing FTP servers allows remote command execution. The vulnerability CVE-2025-47812 in Wing FTP servers was disclosed; it allows attackers to execute commands with root or system privileges. https://t.co/V4GODCfSQt
@b3stpractices
13 Jul 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
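[Serious FTP server vulnerability] CVE-2025-47812 (CVSS 10.0) in Wing FTP Server is being actively exploited in the wild. This is a serious situation in which attackers began actual exploitation just one day after the technical details were published.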
@nakajimeeee
13 Jul 2025
225 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Hackers are exploiting a critical RCE flaw (CVE-2025-47812) in Wing FTP Server, using null byte and Lua code injection to gain system-level access. Update to version 7.4.4 immediately. #CVE #CyberRisk #Australia https://t.co/xlCB2iNYeE
@TweetThreatNews
12 Jul 2025
83 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. #cybersecurity https://t.co/cM3PQQaVVG
@cybertzar
12 Jul 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Four suspects linked to Scattered Spider and DragonForce ransomware were arrested in the UK, affecting major retailers like M&S, Co-op, and Harrods with losses up to £440M. Urgent updates needed for CVEs CVE-2025-47812 & CVE-2025-5777. ⚠️ #UK #Ransomware https://t.co
@TweetThreatNews
12 Jul 2025
120 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in the Wing FTP Server (CVE-2025-47812) has surfaced, allowing attackers to execute arbitrary code with root privileges. With over 8,100 servers exposed and real-time exploitation attempts noted, it’s crucial for organizations to upgrade immediately an.
@CybrPulse
12 Jul 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical #Wing_FTP_Server #Vulnerability (CVE-2025-47812) Actively Being #Exploited in the Wild https://t.co/EYX13OLL9H https://t.co/RjUZz5VHdw
@omvapt
12 Jul 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #MediumCompleteness Wing FTP Server Remote Code Execution (CVE-2025-47812) Exploited in the Wild | 10-07-2025 Source: https://t.co/JtUqxk16Oy Key details below ↓ 💀Threats: Screenconnect_tool, Trojan:win32/ceprolad.a, 🎯Victims: Wing ftp server users 🔓CV
@rst_cloud
12 Jul 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
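For CVE-2025-47812, the CVSS score 10 vulnerability in Wing FTP, large-scale exploitation was observed within 24 hours of disclosure. Reported by Huntress. Only one successful attack was confirmed. Four attackers were observed. https://t.co/sxKfABbfbt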
@__kokumoto
12 Jul 2025
1505 Impressions
2 Retweets
4 Likes
2 Bookmarks
0 Replies
1 Quote
Critical Wing FTP Bug CVE-2025-47812 Now Actively Exploited https://t.co/KreCrx36mt
@CyberSecuriUS
12 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE Exploit in Wing FTP Server (#CVE-2025-47812) Actively Targeted Within 24 Hours of Disclosure https://t.co/3WTgevCq5x
@UndercodeNews
11 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1⃣ CVE-2025-5959: Type Confusion in V8 in Google Chrome - https://t.co/YlFKlI5woW 2⃣ CVE-2025-47812: Wing FTP Server RCE Exploit - https://t.co/QIMvUFvKEI 3⃣ SailPoint IQService - RCE via Default Encryption Key - https://t.co/sl0odlvVQ5 4⃣ CVE-2025-5777 (Cit
@ksg93rd
11 Jul 2025
2623 Impressions
19 Retweets
71 Likes
47 Bookmarks
0 Replies
0 Quotes
Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) https://t.co/Or9nNLfwq5 https://t.co/mPcOaCbuVT
@secharvesterx
11 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild https://t.co/UvqQB9zwr5 https://t.co/TK3VwbhGJw
@teoseller
11 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) https://t.co/WjsOJyjf7B #HelpNetSecurity #Cybersecurity https://t.co/H8D67g960j
@PoseidonTPA
11 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
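A maximum-severity vulnerability in Wing FTP Server (CVE-2025-47812, CVSS 10.0) has been exploited since immediately after its disclosure. The issue is that, owing to flawed handling of null bytes (\0) in the web interface, arbitrary Lua code injection into session files…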
@yousukezan
11 Jul 2025
1134 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Critical flaw in Wing FTP Server (CVE-2025-47812) is being exploited in the wild, allowing remote code execution via null-byte injection. Over 5,000 servers at risk. Attackers are using it for malicious Lua files & persistence. 🔒🌐 #CyberAlert #DataR… https://t.co
@TweetThreatNews
11 Jul 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild https://t.co/6ANpz1rzQJ
@Dinosn
11 Jul 2025
1508 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
A critical security flaw in Wing FTP Server, identified as CVE-2025-47812, allows remote code execution via Lua injection due to improper handling of null bytes. With over 8,000 vulnerable devices, urgent patching is necessary as active exploitation is already confirmed.
@CybrPulse
11 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild https://t.co/knx8eXqjP4 https://t.co/dEJRDqRYfd
@RigneySec
11 Jul 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 A critical security vulnerability has been discovered in Wing's FTP server, known as CVE-2025-47812, and it is being actively exploited. The vulnerability, which scored CVSS 10.0, relates to the mishandling of null bytes, which…
@Cybercachear
11 Jul 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical bug in Wing FTP Server (CVE-2025-47812) is under active attack—RCE via null byte injection. Hackers are exploiting it using anonymous FTP access to drop malware & run commands as root. Over 5,000 servers still exposed. Patch now. Details here → https://
@TheHackersNews
11 Jul 2025
9836 Impressions
36 Retweets
72 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-47812 In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. … https://t.co/SCvBLsiLRE
@CVEnew
10 Jul 2025
612 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-47812: CRITICAL] Critical vulnerability in Wing FTP Server before 7.4.4 allows remote code execution through user session files, enabling attackers to execute system commands with FTP service privi...#cve,CVE-2025-47812,#cybersecurity https://t.co/GosUWHaJq6 https://t.c
@CveFindCom
10 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We’re seeing limited exploitation of a remote code execution Wing FTP Server bug (CVE-2025-47812). Organizations running Wing FTP Server should update to the fixed version, version 7.4.4. Here’s what to know: 🤣 👏 😺 😝925 https://t.co/dwx5hxo9SH
@derrick_nebl
10 Jul 2025
40 Impressions
7 Retweets
7 Likes
8 Bookmarks
9 Replies
0 Quotes
We’re seeing limited exploitation of a remote code execution Wing FTP Server bug (CVE-2025-47812). Organizations running Wing FTP Server should update to the fixed version, version 7.4.4. Here’s what to know:
@HuntressLabs
10 Jul 2025
7857 Impressions
11 Retweets
61 Likes
11 Bookmarks
1 Reply
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34AF9E83-291C-40B0-AE69-34C9B59A5D03",
            "versionEndExcluding": "7.4.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]