Wing FTP Server Vulnerability Let Attackers Take Full Server Control

CVE-2025-47812 is a critical remote code execution (RCE) vulnerability in Wing FTP Server ≤7.4.3 caused by NULL byte injection in the /loginok.html endpoint. The flaw stems from improper NULL byte handling in the server’s authentication mechanism, which lets attackers inject arbitrary Lua code and execute system commands with elevated privileges. The exploit mechanism leverages the server’s Lua scripting engine, which Wing FTP Server uses internally for various operations. The injected code can execute arbitrary operating system commands; the example in this report used id, which returns user information on Unix-like systems. The vulnerability’s impact is particularly severe because Wing FTP Server typically runs with elevated privileges: as root on Linux systems and as NT AUTHORITY\SYSTEM on Windows platforms. The attack vector is especially dangerous for servers configured to allow anonymous FTP access, as it provides a completely unauthenticated path to system compromise. Beyond patching, organizations should review their FTP server configurations and consider network-level protections such as firewalls and intrusion detection systems to monitor for exploitation attempts targeting this vulnerability.
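The report describes the bug class (a NULL byte in a login field that one layer truncates and another layer passes through whole) and the detection posture it recommends. The following is an added example, not Wing FTP Server's code and not the researchers' proof of concept: it shows the generic input check that stops this class of bug at the authentication boundary, and a log-scanning check over a constructed access-log sample that flags requests to /loginok.html whose parameters decode to a NUL byte. The log format, the field names and the IP addresses are assumptions made for the example.

```python
"""Defensive checks for NUL-byte injection in login fields (added example).

This does not model how Wing FTP Server parses logins. It demonstrates the
generic rule that credential fields must never carry NUL or other control
bytes, and a detection pass over web-server access logs.
"""
import re
from urllib.parse import unquote

# Control characters that have no place in a username or password field.
# NUL is the one that matters here: a C-style string consumer stops at the
# first NUL, while a length-aware consumer (such as a scripting layer that
# later interprets the same value) sees everything after it.
_FORBIDDEN = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def is_safe_credential_field(value: str) -> bool:
    """Return True only if the field is free of NUL and other control bytes."""
    return _FORBIDDEN.search(value) is None


def validate_login(username: str, password: str) -> None:
    """Reject a login before its fields reach any session or scripting layer."""
    for name, value in (("username", username), ("password", password)):
        if not is_safe_credential_field(value):
            raise ValueError(f"{name} contains a forbidden control byte")


# Detection side. A constructed Common Log Format sample, not real traffic.
# Only the second line carries a %00 that decodes to a real NUL byte; the
# fourth line carries %2500, which decodes to the literal text "%00".
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [03/Jul/2025:09:30:01 +0000] "POST /loginok.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Jul/2025:09:31:15 +0000] "POST /loginok.html?username=anonymous%00x HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Jul/2025:09:31:16 +0000] "GET /dir.html HTTP/1.1" 200 2048',
    '192.0.2.9 - - [03/Jul/2025:09:32:40 +0000] "POST /loginok.html?username=bob%2500 HTTP/1.1" 200 512',
]

_REQ = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)


def find_null_byte_login_attempts(lines):
    """Return (ip, timestamp, target) for requests to /loginok.html whose
    query string decodes to a NUL byte.

    Decoding is done exactly once on purpose: %2500 becomes the text "%00",
    not a NUL, and is not flagged. Whether to also alert on double-encoded
    values is a per-deployment policy choice. Note that standard access logs
    record only the request line, so parameters sent in a POST body are
    visible only where a proxy or WAF logs bodies as well.
    """
    hits = []
    for line in lines:
        m = _REQ.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if path != "/loginok.html":
            continue
        if "\x00" in unquote(query):
            hits.append((m.group("ip"), m.group("ts"), m.group("target")))
    return hits


if __name__ == "__main__":
    for hit in find_null_byte_login_attempts(SAMPLE_ACCESS_LOG):
        print("suspicious login request:", hit)
```

The validator is deliberately a reject-and-stop check rather than a sanitizer: stripping the NUL and continuing would hide an attempt that the detection side should see.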

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Jul 2025 09:25:22 +0000


Cyber News related to Wing FTP Server Vulnerability Let Attackers Take Full Server Control

Wing FTP Server Vulnerability Actively Exploited - 2000+ Servers Exposed Online - Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed. Organizations operating Wing FTP Server installations should prioritize upgrading to ...
3 weeks ago Cybersecuritynews.com CVE-2025-47812
Hackers are exploiting critical RCE flaw in Wing FTP Server - Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. The attacker sent malformed login requests with null-byte-injected ...
4 weeks ago Bleepingcomputer.com CVE-2025-47812
Wing Security unveils automated protection against AI-SaaS risks - Wing Security unveils an automatic advanced approach to counter the evolving risks of Intellectual Property and data leakage into GenAI applications. Amidst the growing adoption of GenAI, and the many SaaS applications powered by GenAI, Wing brings ...
1 year ago Helpnetsecurity.com
CISA Warns of Wing FTP Server Vulnerability Actively Exploited in Attacks - The vulnerability, tracked as CVE-2025-47812, poses significant risks to organizations using this popular file transfer solution and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with an immediate remediation deadline. ...
3 weeks ago Cybersecuritynews.com CVE-2025-47812
Report Surfaces Extent of SaaS Application Insecurity - An analysis of how 493 organizations are employing software-as-a-service applications published today by Wing Security finds nearly all experienced a security incident involving at least one application. A full 81% reported security incidents ...
1 year ago Securityboulevard.com
CVE-2015-5361 - Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client ...
2 years ago
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
CVE-2020-26299 - ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's ...
4 years ago
CVE-2023-37881 - Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: < 7.2.0. ...
1 year ago
CVE-2018-0087 - A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The ...
5 years ago
CVE-2023-37875 - Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS). This issue affects Wing FTP Server: < 7.2.0. ...
1 year ago
CVE-2023-37878 - Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: < 7.2.0. ...
1 year ago
CVE-2023-37879 - Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation. This issue affects Wing FTP Server: < 7.2.0. ...
1 year ago
CVE-2020-9470 - An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies ...
4 years ago
Optimize Control Health Management Across Business Levels: Introducing Scopes - Managing controls across multiple business units becomes increasingly challenging and costly as operational requirements evolve. To help compliance leaders efficiently view and manage control health across product lines, geographies and business ...
1 year ago Securityboulevard.com
Air Force Disciplines 15 as IG Finds That Security Failures Led to Massive Classified Documents Leak - The Air Force has disciplined 15 personnel in connection with the massive classified documents leak by an airman earlier this year, concluding that multiple officials intentionally failed to take required action on his suspicious behavior, the Air ...
1 year ago Securityweek.com
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting - On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting via Shortcode vulnerabilities in WordPress repository plugins. We found over 100 vulnerabilities across 100 plugins which affect ...
1 year ago Wordfence.com
CVE-2018-18370 - The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject ...
4 years ago
CVE-2018-18371 - The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext ...
4 years ago
Multiple Vulnerabilities in Sante PACS Server - Research Advisory | Tenable® - Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Enjoy full access to a modern, cloud-based vulnerability management platform that enables you ...
4 months ago Tenable.com
CVE-2020-3564 - A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ...
1 year ago
20 Best Remote Monitoring Tools - 2025 - What is Good? What Could Be Better? Strong abilities to keep an eye on devices and systems. Some parts may take time to figure out. It gives you tools for remote control and troubleshooting. There could be more ways to change things. Lets you automate ...
4 months ago Cybersecuritynews.com
Google Cloud Platform (GCP) Privilege Escalation Vulnerability in GCP Cloud Run - Research Advisory | Tenable® - Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Enjoy full access to a modern, cloud-based vulnerability management platform that enables you ...
5 months ago Tenable.com
Progress WhatsUp Gold Unauthenticated Wireless MAC Group Manipulation - Research Advisory | Tenable® - Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Enjoy full access to a modern, cloud-based vulnerability management platform that enables you ...
3 months ago Tenable.com