CVE-2025-47812
AI description
CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server. It arises because the application does not properly handle NULL bytes in usernames. By appending a NULL byte to the username, an attacker can bypass authentication and inject Lua code into session files. Specifically, when a user authenticates with a username containing an injected NULL byte, the server creates a new session ID and stores the NULL byte in the session variable. This allows an attacker to inject arbitrary Lua code, leading to remote code execution with root privileges on Linux systems and SYSTEM rights on Windows systems, because wftpserver runs with elevated privileges by default.
Hype score: 26
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
A critical vulnerability (CVE-2025-47812) in Wing FTP Server allows attackers to take full control of servers through unauthenticated remote code execution. With a maximum CVSS score of 10, this flaw affects many organizations globally, particularly those with public-facing FT...
@CybrPulse
3 Jul 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A newly discovered critical vulnerability, CVE-2025-47812, in Wing FTP Server allows unauthenticated attackers to take complete control of affected servers. With a CVSSv4 score of 10.0, it's crucial for organizations to update to version 7.4.4 immediately to mitigate severe ri...
@CybrPulse
3 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-47812 – Wing FTP Server RCE via Lua Injection https://t.co/8Oj9mBBDw7 https://t.co/JeVI9clRKy
@cyber_advising
3 Jul 2025
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #WingFTPServer: a #PoC is available for exploiting CVE-2025-47812 in the well-known FTP server management software Risk: 🔴 Type: 🔸 Remote Code Execution 🔗 https://t.co/SdVkDWH17y 🔄 Updates availab… https://t.
@Vulcanux_
2 Jul 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47812: RCE in Wing FTP Server, 10.0 rating 🔥🔥🔥 NULL byte injection vulnerability allows attacker to take full control of Wing server. PoC is now available! Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/SYJcizrGMQ #cybersecurity #vulnerability_map
@Netlas_io
2 Jul 2025
948 Impressions
6 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
GitHub - 0xcan1337/CVE-2025-47812-poC: Simple exploit for Wing FTP Server RCE (CVE-2025-47812) to run commands and get a reverse shell. For educational use only. - https://t.co/sGXgu6rxkl
@piedpiper1616
2 Jul 2025
2837 Impressions
15 Retweets
47 Likes
20 Bookmarks
1 Reply
0 Quotes
🚨CVE-2025-47812: Wing FTP Server Remote Code Execution (RCE) Exploit Link: https://t.co/ESMP6h8nug Writeup: https://t.co/YGVZXNQjo2 https://t.co/mBD8aZyfbw
@DarkWebInformer
1 Jul 2025
7146 Impressions
6 Retweets
30 Likes
19 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-47812 - critical 🚨 Wing FTP Server <= 7.4.3 - Remote Code Execution > Wing FTP Server versions prior to 7.4.4 are vulnerable to an unauthenticated remote c... 👾 https://t.co/W95iwDuXw2 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
1 Jul 2025
1140 Impressions
5 Retweets
20 Likes
7 Bookmarks
0 Replies
0 Quotes
What the NULL?! Wing FTP Server RCE (CVE-2025-47812) | RCE Security https://t.co/6b1m8NeCe0
@akaclandestine
1 Jul 2025
1136 Impressions
0 Retweets
9 Likes
3 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/av5c0yf2Lk 🚨🚨CVE-2025-47812: Wing FTP Server RCE! Hackers can exploit a nasty null byte injection flaw to run ANY code as root/SYSTEM—no login needed! ZoomEye Dork👉app="Wing FTP Server" Over 78K+ vulner
@zoomeye_team
1 Jul 2025
20662 Impressions
41 Retweets
157 Likes
94 Bookmarks
2 Replies
3 Quotes
What the NULL?! Wing FTP Server RCE (CVE-2025-47812) https://t.co/uMrGlTp6NX https://t.co/YbPTqh6MXh
@secharvesterx
1 Jul 2025
182 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
What the NULL?! Wing FTP Server RCE (CVE-2025-47812) https://t.co/IqvJhoszYI
@_r_netsec
30 Jun 2025
886 Impressions
0 Retweets
5 Likes
6 Bookmarks
0 Replies
0 Quotes