CVE-2025-47812

Published Jul 10, 2025

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server. The vulnerability arises because the application doesn't properly handle NULL bytes in usernames. By appending a NULL byte to the username, an attacker can bypass authentication and inject Lua code into session files. Specifically, when a user authenticates with a username containing an injected NULL byte, the server creates a new session ID and stores the NULL byte in the session variable. This allows an attacker to inject arbitrary Lua code, leading to remote code execution with root privileges on Linux systems and SYSTEM rights on Windows systems, because the wftpserver service runs with elevated privileges by default.

Description
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
Source
cve@mitre.org
NVD status
Analyzed
Products
wing_ftp_server

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
Exploit added on
Jul 14, 2025
Exploit action due
Aug 4, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

cve@mitre.org
CWE-158

Social media

Hype score
Not currently trending
  1. What the NULL?! Pre-Auth Wing FTP Server RCE (CVE-2025-47812) https://t.co/7XG7Hb7SrD

    @reverseame

    20 Aug 2025

    1849 Impressions

    8 Retweets

    13 Likes

    6 Bookmarks

    2 Replies

    0 Quotes

  2. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild https://t.co/J1FGE5WpKy

    @ByteCheck101

    11 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #VulnerabilityReport #CVE202547812 CVSS 10 RCE in Wing FTP Server (CVE-2025-47812) Allows Full Server Takeover, PoC Releases https://t.co/1tT68BvENC

    @Komodosec

    8 Aug 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Major breaches this week: • ToolShell (CVE-2025-53770) • CrushFTP (CVE-2025-54309) • CitrixBleed 2 (CVE-2025-5777) • McHire bot leak • Salt Typhoon • NoName057(16) • PoisonSeed • Wing FTP (CVE-2025-47812) Read more: https://t.co/na3lHAlIC0 #CyberSecurity #DataBrea

    @FireCompass

    31 Jul 2025

    97 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2025-47812 Wing FTP Server allows RCE via null byte injection, leading to full server compromise. Exploited in the wild. 🔗 https://t.co/bnW1B52yO5 #CVE #RCE #Security #WingFTP #CyberSecurity #Exploit

    @r0otk3r

    27 Jul 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. The recently discovered RCE vulnerability in Wing FTP is being actively exploited. On July 1, 2025, researchers at the cybersecurity firm Huntress detected the first p… directed at exploiting the remote code execution flaw identified as CVE-2025-47812, rated CVSS 10 in severity

    @linuxmint_hun

    24 Jul 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild #CISO https://t.co/2QM3So1mdO https://t.co/lMe3GhAyB7

    @compuchris

    24 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-47812 is a critical vulnerability stemming from multiple flaws in the user authentication and session management mechanisms of Wing FTP Server. This vulnerability is particularly severe because Wing FTP Server typically runs with root privileges on Linux systems or http

    @CyberPentestLab

    22 Jul 2025

    45 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild A recently disclosed maximum-sever 𝗝𝗼𝗶𝗻 𝗼𝘂𝗿 𝗧𝘄𝗶𝘁𝘁𝗲𝗿 𝗳𝗮𝗺𝗶𝗹𝘆. 𝗙𝗼𝗹𝗹𝗼𝘄 𝘂𝘀! @thehackersnews @edgeitech @edg

    @Edgeitech

    22 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-47812 In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files.. Github link: https://t.co/Ie6zT4xyEg

    @PoC_in_Github

    19 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. A critical vulnerability (CVE-2025-47812) has been discovered in Wing's FTP server software, potentially allowing remote attackers to take control of affected systems. This flaw is being actively exploited in the wild, posing a …

    @Sh3lmiYotr

    18 Jul 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 Wing FTP Server RCE Alert (CVE-2025-47812) 🚨 Null byte injection = root/SYSTEM access! Affects versions < 7.4.4 on all platforms. Even anonymous users are a threat. Patch now! ⚠️ 🔗 https://t.co/z9V18PCy3c #CyberSecurity #SOCAlert https://t.co/fqL5vK6qbG

    @sequretek_sqtk

    18 Jul 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 Unauthenticated RCE in Wing FTP: CVE-2025-47812 allows attackers to execute arbitrary code as root or SYSTEM without logging in. A critical flaw with major impact, including full system compromise and lateral movement. Learn more and test your exposure with #NodeZero at htt

    @Horizon3ai

    17 Jul 2025

    1685 Impressions

    13 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  14. After running some tests I can now publish my second exploit. I have created an exploit for CVE-2025-47812 (for educational purposes only) https://t.co/DsrHU8Jyh8

    @blindma1den

    17 Jul 2025

    2758 Impressions

    11 Retweets

    92 Likes

    25 Bookmarks

    2 Replies

    0 Quotes

  15. Discover how a single NULL byte led to a full server takeover in Wing FTP Server. CVE-2025-47812 exposes a critical flaw in input handling that allowed unauthenticated remote code execution. . . . #CyberSecurity #WingFTP #RCE #CVE2025 #VulnerabilityAnalysis #PatchNow #Infosec htt

    @kratikal

    17 Jul 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. 📌 CISA adds Wing FTP Server flaw (CVE-2025-47812) to KEV catalog. Actively exploited. #CyberSecurity #CISA https://t.co/C8GEPPfuZT https://t.co/yVVfWGMePw

    @CyberHub_blog

    17 Jul 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild #CISO https://t.co/70mLmbSSEs https://t.co/z97Gh0EuJ0

    @compuchris

    17 Jul 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Looks like Wing FTP Server got winged. A juicy RCE vuln (CVE-2025-47812, CVSS 10/10 ) is being actively exploited. some guys are injecting Lua code via null bytes like it’s a coding party. https://t.co/SpBm7vmizq

    @__h7u

    16 Jul 2025

    33 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 CVE-2025-47812: RCE in Wing FTP Server (<7.4.4) lets attackers inject Lua code via null byte handling in session files—leads to root/SYSTEM takeover, even via anonymous FTP. ⚠️ In the wild | PoC on GitHub | EPSS: 83% ➡️ https://t.co/RUWxS4gco1 https://t.co/RX9

    @rapidriskradar

    16 Jul 2025

    9 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Hackers exploit critical Wing FTP flaw CVE-2025-47812 is a critical remote code execution flaw (CVSS 10) in Wing FTP Server, affecting all versions before 7.4.4. The vulnerability stems from improper handling of null bytes, allowing attackers to inject Lua code into session http

    @dCypherIO

    15 Jul 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. ⚠️Wing FTP server vulnerability ❗CVE-2025-47812 ➡️More info: https://t.co/8JwuofmpBK https://t.co/y7hk6vbtIy

    @CERTpy

    15 Jul 2025

    97 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CVSS 10.0: Critical Vulnerability in Wing FTP Exposed Airbus and U.S. Air Force to Attacks #cve #rce #ftp Researchers from Huntress have detected active exploitation of the CVE-2025-47812 vulnerability in Wing FTP Server, which received the maximum severity score of CVSS 10.0 and

    @RedDogSecurity1

    15 Jul 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 CVE-2025-47812: Wing FTP Server Remote Code Execution (RCE) vulnerability 🔥PoC : https://t.co/UAB7UneYwW 👉Dorks: HUNTER: https://t.co/G5LwnS1fm6="Wing FTP Server" https://t.co/RIsL6ELmrq

    @HackingTeam777

    15 Jul 2025

    485 Impressions

    1 Retweet

    3 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

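  24. A serious vulnerability (CVE-2025-47812) has been confirmed in Wing FTP Server, and real-world attacks were observed the day after the technical details were published. The flaw has a CVSS score of 10.0 and enables unauthenticated remote code execution. The attacks … null bytes and Lua code …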

    @yousukezan

    14 Jul 2025

    616 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  25. 🚨🚨⚠️ALERT CVE-2025-47812 Wing FTP Server vulnerable to an RCE (CVSS 10.0). Active attacks since Jul 1, 2025! A critical flaw allows full remote control. Details #CyberSec #RCE #WingFTPServerImpact: data theft, malware (e.g. ScreenCon

    @JonathanAd12614

    14 Jul 2025

    15 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  26. 🛡️ CISA just added CVE-2025-47812 to its KEV Catalog, highlighting a serious flaw in Wing FTP Server. Time to patch up before your server gets more unwanted guests than a holiday party! #Cybersecurity #WindowsForum #StaySafe https://t.co/izV25oeixc

    @windowsforum

    14 Jul 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-47812 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability https://t.co/GhE9mi8MBR

    @ScyScan

    14 Jul 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🛡️We added Wing FTP Server improper neutralization of null byte or NUL character vulnerability CVE-2025-47812 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec

    @CISACyber

    14 Jul 2025

    6030 Impressions

    13 Retweets

    40 Likes

    3 Bookmarks

    1 Reply

    1 Quote

  29. A critical vulnerability in Wing FTP Server (CVE-2025-47812) is actively being exploited, allowing remote code execution with root access. Over 8,000 systems are exposed globally, indicating a severe risk for organizations using this software, particularly those in critical se...

    @CybrPulse

    14 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. 🚨Alert🚨 CVE-2025-47812 (CVSS score: 10.0): Wing FTP Server Remote Code Execution (RCE) vulnerability 🔥PoC :https://t.co/8obF5nbeUO 🧐Deep Dive :https://t.co/izWfVAgPxY 📊109K Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/ddoU0

    @HunterMapping

    14 Jul 2025

    3042 Impressions

    10 Retweets

    55 Likes

    37 Bookmarks

    1 Reply

    0 Quotes

  31. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited In The Wild - https://t.co/9IL91a8iRu #thn #infosec

    @mwyres

    14 Jul 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface. https://t.co/0F5d7o7GH5 https://t.co/U

    @riskigy

    14 Jul 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Hackers exploit CVE-2025-47812 in Wing FTP Server, allowing unauthenticated remote code execution via null byte and Lua injection, enabling user creation and root/SYSTEM code execution on versions 7.4.3 and earlier. #Security https://t.co/MmYv8s0yBN

    @Strivehawk

    13 Jul 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Critical Wing FTP server vulnerability is exploited (CVE-2025-47812) Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) #HelpNetSecurity (Jul 11) https://t.co/ctKqvFKwYq

    @foxbook

    13 Jul 2025

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. CVE-2025-47812: In Wing FTP Server the user and admin web interfaces mishandle '\0' bytes, allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service https://t.co/XyaHVku9eW

    @ZeroDayFacts

    13 Jul 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Critical RCE Flaw in Wing FTP Server Actively Exploited by Hackers https://t.co/wUQgLDsZ5e #cve-2025-47812 #CybersecurityExploit #LuaScriptInjection #RceVulnerability

    @wizconsults

    13 Jul 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Hackers are exploiting a critical remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, with a devastating CVSS score of 10. This flaw allows attackers to gain full system privileges, and active exploitation began within days of the vulnerability being discl...

    @CybrPulse

    13 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  38. Active exploitation of CVE-2025-47812 in Wing FTP Server versions before 7.4.4 was detected on July 1, 2025, enabling remote code execution via null byte and Lua injection. Attackers attempted post-exploitation activities before being stopped. #Vulnerabi… https://t.co/U5S0RwqYN

    @TweetThreatNews

    13 Jul 2025

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Actively exploited CVE : CVE-2025-47812

    @transilienceai

    13 Jul 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  40. Critical vulnerability in Wing FTP servers allows remote command execution. The vulnerability CVE-2025-47812 in Wing FTP servers was disclosed; it allows attackers to execute commands with root or system privileges. https://t.co/V4GODCfSQt

    @b3stpractices

    13 Jul 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

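  41. [Serious FTP server vulnerability] CVE-2025-47812 (CVSS 10.0) in Wing FTP Server is being actively exploited in the wild. It is a serious situation in which attackers began actual exploitation just one day after the technical details were published.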

    @nakajimeeee

    13 Jul 2025

    225 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  42. Hackers are exploiting a critical RCE flaw (CVE-2025-47812) in Wing FTP Server, using null byte and Lua code injection to gain system-level access. Update to version 7.4.4 immediately. #CVE #CyberRisk #Australia https://t.co/xlCB2iNYeE

    @TweetThreatNews

    12 Jul 2025

    83 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. #cybersecurity https://t.co/cM3PQQaVVG

    @cybertzar

    12 Jul 2025

    40 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Four suspects linked to Scattered Spider and DragonForce ransomware were arrested in the UK, affecting major retailers like M&S, Co-op, and Harrods with losses up to £440M. Urgent updates needed for CVEs CVE-2025-47812 & CVE-2025-5777. ⚠️ #UK #Ransomware https://t.co

    @TweetThreatNews

    12 Jul 2025

    120 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  45. A critical vulnerability in the Wing FTP Server (CVE-2025-47812) has surfaced, allowing attackers to execute arbitrary code with root privileges. With over 8,100 servers exposed and real-time exploitation attempts noted, it’s crucial for organizations to upgrade immediately an.

    @CybrPulse

    12 Jul 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  46. Critical #Wing_FTP_Server #Vulnerability (CVE-2025-47812) Actively Being #Exploited in the Wild https://t.co/EYX13OLL9H https://t.co/RjUZz5VHdw

    @omvapt

    12 Jul 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. #threatreport #MediumCompleteness Wing FTP Server Remote Code Execution (CVE-2025-47812) Exploited in the Wild | 10-07-2025 Source: https://t.co/JtUqxk16Oy Key details below ↓ 💀Threats: Screenconnect_tool, Trojan:win32/ceprolad.a, 🎯Victims: Wing ftp server users 🔓CV

    @rst_cloud

    12 Jul 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

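  48. For CVE-2025-47812, the CVSS score 10 vulnerability in Wing FTP, large-scale exploitation was observed within 24 hours of disclosure. Reported by Huntress. Only one successful attack was confirmed. Four attackers were observed. https://t.co/sxKfABbfbt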

    @__kokumoto

    12 Jul 2025

    1505 Impressions

    2 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  49. Critical Wing FTP Bug CVE-2025-47812 Now Actively Exploited https://t.co/KreCrx36mt

    @CyberSecuriUS

    12 Jul 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. 🚨 Critical RCE Exploit in Wing FTP Server (#CVE-2025-47812) Actively Targeted Within 24 Hours of Disclosure https://t.co/3WTgevCq5x

    @UndercodeNews

    11 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations