CVE-2025-47812

Published Jul 10, 2025

Last updated 2 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server. The vulnerability arises because the application doesn't properly handle NULL bytes in usernames. By appending a NULL byte to the username, an attacker can bypass authentication and inject Lua code into session files. Specifically, when a user authenticates with a NULL-byte injected username, the server creates a new session ID and stores the NULL byte in the session variable. This allows an attacker to inject arbitrary Lua code, leading to remote code execution with root privileges on Linux systems and SYSTEM rights on Windows systems because the wftpserver runs with elevated privileges by default.

Description
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
Exploit added on: Jul 14, 2025
Exploit action due: Aug 4, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

cve@mitre.org
CWE-158

Social media

Hype score
Not currently trending
  1. 📌 CISA adds Wing FTP Server flaw (CVE-2025-47812) to KEV catalog. Actively exploited. #CyberSecurity #CISA https://t.co/C8GEPPfuZT https://t.co/yVVfWGMePw

    @CyberHub_blog

    17 Jul 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild #CISO https://t.co/70mLmbSSEs https://t.co/z97Gh0EuJ0

    @compuchris

    17 Jul 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Looks like Wing FTP Server got winged. A juicy RCE vuln (CVE-2025-47812, CVSS 10/10 ) is being actively exploited. some guys are injecting Lua code via null bytes like it’s a coding party. https://t.co/SpBm7vmizq

    @__h7u

    16 Jul 2025

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2025-47812: RCE in Wing FTP Server (<7.4.4) lets attackers inject Lua code via null byte handling in session files—leads to root/SYSTEM takeover, even via anonymous FTP. ⚠️ In the wild | PoC on GitHub | EPSS: 83% ➡️ https://t.co/RUWxS4gco1 https://t.co/RX9

    @rapidriskradar

    16 Jul 2025

    8 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Hackers exploit critical Wing FTP flaw CVE-2025-47812 is a critical remote code execution flaw (CVSS 10) in Wing FTP Server, affecting all versions before 7.4.4. The vulnerability stems from improper handling of null bytes, allowing attackers to inject Lua code into session http

    @dCypherIO

    15 Jul 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ⚠️Wing FTP server vulnerability ❗CVE-2025-47812 ➡️More info: https://t.co/8JwuofmpBK https://t.co/y7hk6vbtIy

    @CERTpy

    15 Jul 2025

    97 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVSS 10.0: Critical Vulnerability in Wing FTP Exposed Airbus and U.S. Air Force to Attacks #cve #rce #ftp Researchers from Huntress have detected active exploitation of the CVE-2025-47812 vulnerability in Wing FTP Server, which received the maximum severity score of CVSS 10.0 and

    @RedDogSecurity1

    15 Jul 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 CVE-2025-47812: Wing FTP Server Remote Code Execution (RCE) vulnerability 🔥PoC : https://t.co/UAB7UneYwW 👉Dorks: HUNTER: https://t.co/G5LwnS1fm6="Wing FTP Server" https://t.co/RIsL6ELmrq

    @HackingTeam777

    15 Jul 2025

    485 Impressions

    1 Retweet

    3 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

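  9. A serious vulnerability (CVE-2025-47812) has been confirmed in Wing FTP Server, and actual attacks were observed the day after the technical details were published. The flaw has a CVSS score of 10.0 and allows unauthenticated remote code execution. The attacks abuse null bytes and Lua code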

    @yousukezan

    14 Jul 2025

    616 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. 🚨🚨⚠️ALERT CVE-2025-47812 Wing FTP Server vulnerable to an RCE (CVSS 10.0). Active attacks since 1 Jul. 2025! A critical flaw allows total remote control. Details #CyberSec #RCE #WingFTPServerImpact : data theft, malware (e.g. ScreenCon

    @JonathanAd12614

    14 Jul 2025

    15 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  11. 🛡️ CISA just added CVE-2025-47812 to its KEV Catalog, highlighting a serious flaw in Wing FTP Server. Time to patch up before your server gets more unwanted guests than a holiday party! #Cybersecurity #WindowsForum #StaySafe https://t.co/izV25oeixc

    @windowsforum

    14 Jul 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-47812 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability https://t.co/GhE9mi8MBR

    @ScyScan

    14 Jul 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🛡️We added Wing FTP Server improper neutralization of null byte or NUL character vulnerability CVE-2025-47812 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec

    @CISACyber

    14 Jul 2025

    6030 Impressions

    13 Retweets

    40 Likes

    3 Bookmarks

    1 Reply

    1 Quote

  14. A critical vulnerability in Wing FTP Server (CVE-2025-47812) is actively being exploited, allowing remote code execution with root access. Over 8,000 systems are exposed globally, indicating a severe risk for organizations using this software, particularly those in critical se...

    @CybrPulse

    14 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. 🚨Alert🚨 CVE-2025-47812 (CVSS score: 10.0): Wing FTP Server Remote Code Execution (RCE) vulnerability 🔥PoC :https://t.co/8obF5nbeUO 🧐Deep Dive :https://t.co/izWfVAgPxY 📊109K Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/ddoU0

    @HunterMapping

    14 Jul 2025

    3042 Impressions

    10 Retweets

    55 Likes

    37 Bookmarks

    1 Reply

    0 Quotes

  16. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited In The Wild - https://t.co/9IL91a8iRu #thn #infosec

    @mwyres

    14 Jul 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface. https://t.co/0F5d7o7GH5 https://t.co/U

    @riskigy

    14 Jul 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Hackers exploit CVE-2025-47812 in Wing FTP Server, allowing unauthenticated remote code execution via null byte and Lua injection, enabling user creation and root/SYSTEM code execution on versions 7.4.3 and earlier. #Security https://t.co/MmYv8s0yBN

    @Strivehawk

    13 Jul 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Critical Wing FTP Server vulnerability is being exploited (CVE-2025-47812) Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) #HelpNetSecurity (Jul 11) https://t.co/ctKqvFKwYq

    @foxbook

    13 Jul 2025

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2025-47812: In Wing FTP Server the user and admin web interfaces mishandle '\0' bytes, allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service https://t.co/XyaHVku9eW

    @ZeroDayFacts

    13 Jul 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Critical RCE Flaw in Wing FTP Server Actively Exploited by Hackers https://t.co/wUQgLDsZ5e #cve-2025-47812 #CybersecurityExploit #LuaScriptInjection #RceVulnerability

    @wizconsults

    13 Jul 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Hackers are exploiting a critical remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, with a devastating CVSS score of 10. This flaw allows attackers to gain full system privileges, and active exploitation began within days of the vulnerability being discl...

    @CybrPulse

    13 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. Active exploitation of CVE-2025-47812 in Wing FTP Server versions before 7.4.4 was detected on July 1, 2025, enabling remote code execution via null byte and Lua injection. Attackers attempted post-exploitation activities before being stopped. #Vulnerabi… https://t.co/U5S0RwqYN

    @TweetThreatNews

    13 Jul 2025

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Actively exploited CVE : CVE-2025-47812

    @transilienceai

    13 Jul 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Critical vulnerability in Wing FTP servers allows remote command execution The vulnerability CVE-2025-47812 in Wing FTP servers was disclosed, which allows attackers to execute commands with root or system privileges. https://t.co/V4GODCfSQt

    @b3stpractices

    13 Jul 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

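  26. [Serious FTP server vulnerability] CVE-2025-47812 (CVSS 10.0) in Wing FTP Server is being actively exploited in the wild. It is a serious situation in which attackers began actual exploitation just one day after the technical details were published.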

    @nakajimeeee

    13 Jul 2025

    225 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  27. Hackers are exploiting a critical RCE flaw (CVE-2025-47812) in Wing FTP Server, using null byte and Lua code injection to gain system-level access. Update to version 7.4.4 immediately. #CVE #CyberRisk #Australia https://t.co/xlCB2iNYeE

    @TweetThreatNews

    12 Jul 2025

    83 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. #cybersecurity https://t.co/cM3PQQaVVG

    @cybertzar

    12 Jul 2025

    40 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Four suspects linked to Scattered Spider and DragonForce ransomware were arrested in the UK, affecting major retailers like M&S, Co-op, and Harrods with losses up to £440M. Urgent updates needed for CVEs CVE-2025-47812 & CVE-2025-5777. ⚠️ #UK #Ransomware https://t.co

    @TweetThreatNews

    12 Jul 2025

    120 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. A critical vulnerability in the Wing FTP Server (CVE-2025-47812) has surfaced, allowing attackers to execute arbitrary code with root privileges. With over 8,100 servers exposed and real-time exploitation attempts noted, it’s crucial for organizations to upgrade immediately an.

    @CybrPulse

    12 Jul 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. Critical #Wing_FTP_Server #Vulnerability (CVE-2025-47812) Actively Being #Exploited in the Wild https://t.co/EYX13OLL9H https://t.co/RjUZz5VHdw

    @omvapt

    12 Jul 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. #threatreport #MediumCompleteness Wing FTP Server Remote Code Execution (CVE-2025-47812) Exploited in the Wild | 10-07-2025 Source: https://t.co/JtUqxk16Oy Key details below ↓ 💀Threats: Screenconnect_tool, Trojan:win32/ceprolad.a, 🎯Victims: Wing ftp server users 🔓CV

    @rst_cloud

    12 Jul 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

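  33. For CVE-2025-47812, a CVSS score 10 vulnerability in Wing FTP, large-scale exploitation was observed within 24 hours of disclosure. Reported by Huntress. Only one successful attack was confirmed. Four attackers were observed. https://t.co/sxKfABbfbt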

    @__kokumoto

    12 Jul 2025

    1505 Impressions

    2 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  34. Critical Wing FTP Bug CVE-2025-47812 Now Actively Exploited https://t.co/KreCrx36mt

    @CyberSecuriUS

    12 Jul 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🚨 Critical RCE Exploit in Wing FTP Server (#CVE-2025-47812) Actively Targeted Within 24 Hours of Disclosure https://t.co/3WTgevCq5x

    @UndercodeNews

    11 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. #exploit 1⃣ CVE-2025-5959: Type Confusion in V8 in Google Chrome - https://t.co/YlFKlI5woW 2⃣ CVE-2025-47812: Wing FTP Server RCE Exploit - https://t.co/QIMvUFvKEI 3⃣ SailPoint IQService - RCE via Default Encryption Key - https://t.co/sl0odlvVQ5 4⃣ CVE-2025-5777 (Cit

    @ksg93rd

    11 Jul 2025

    2623 Impressions

    19 Retweets

    71 Likes

    47 Bookmarks

    0 Replies

    0 Quotes

  37. Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) https://t.co/Or9nNLfwq5 https://t.co/mPcOaCbuVT

    @secharvesterx

    11 Jul 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild https://t.co/UvqQB9zwr5 https://t.co/TK3VwbhGJw

    @teoseller

    11 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) https://t.co/WjsOJyjf7B #HelpNetSecurity #Cybersecurity https://t.co/H8D67g960j

    @PoseidonTPA

    11 Jul 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

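  40. A maximum-severity vulnerability in Wing FTP Server (CVE-2025-47812, CVSS 10.0) has been exploited since immediately after its disclosure. The problem is that, due to flawed handling of null bytes (\0) in the web interface, arbitrary Lua code injection into session files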

    @yousukezan

    11 Jul 2025

    1134 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  41. 🚨 Critical flaw in Wing FTP Server (CVE-2025-47812) is being exploited in the wild, allowing remote code execution via null-byte injection. Over 5,000 servers at risk. Attackers are using it for malicious Lua files & persistence. 🔒🌐 #CyberAlert #DataR… https://t.co

    @TweetThreatNews

    11 Jul 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild https://t.co/6ANpz1rzQJ

    @Dinosn

    11 Jul 2025

    1508 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  43. A critical security flaw in Wing FTP Server, identified as CVE-2025-47812, allows remote code execution via Lua injection due to improper handling of null bytes. With over 8,000 vulnerable devices, urgent patching is necessary as active exploitation is already confirmed.

    @CybrPulse

    11 Jul 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  44. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild https://t.co/knx8eXqjP4 https://t.co/dEJRDqRYfd

    @RigneySec

    11 Jul 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 📌 A critical security vulnerability has been discovered in Wing's FTP server, known as CVE-2025-47812, and it is being actively exploited. The vulnerability, which scored a CVSS of 10.0, relates to the mishandling of null bytes, which

    @Cybercachear

    11 Jul 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 🚨 A critical bug in Wing FTP Server (CVE-2025-47812) is under active attack—RCE via null byte injection. Hackers are exploiting it using anonymous FTP access to drop malware & run commands as root. Over 5,000 servers still exposed. Patch now. Details here → https://

    @TheHackersNews

    11 Jul 2025

    9836 Impressions

    36 Retweets

    72 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  47. CVE-2025-47812 In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. … https://t.co/SCvBLsiLRE

    @CVEnew

    10 Jul 2025

    612 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  48. [CVE-2025-47812: CRITICAL] Critical vulnerability in Wing FTP Server before 7.4.4 allows remote code execution through user session files, enabling attackers to execute system commands with FTP service privi...#cve,CVE-2025-47812,#cybersecurity https://t.co/GosUWHaJq6 https://t.c

    @CveFindCom

    10 Jul 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. We’re seeing limited exploitation of a remote code execution Wing FTP Server bug (CVE-2025-47812). Organizations running Wing FTP Server should update to the fixed version, version 7.4.4. Here’s what to know: 🤣 👏 😺 😝925 https://t.co/dwx5hxo9SH

    @derrick_nebl

    10 Jul 2025

    40 Impressions

    7 Retweets

    7 Likes

    8 Bookmarks

    9 Replies

    0 Quotes

  50. We’re seeing limited exploitation of a remote code execution Wing FTP Server bug (CVE-2025-47812). Organizations running Wing FTP Server should update to the fixed version, version 7.4.4. Here’s what to know:

    @HuntressLabs

    10 Jul 2025

    7857 Impressions

    11 Retweets

    61 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

Configurations