July 11, 2025 By Zeljka Zorz
Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned.
Wing FTP Server and CVE-2025-47812
Wing FTP Server is a commercial file transfer server solution used by businesses, MSPs and hosting providers.
The software can be installed on 64-bit operating systems: Windows, Windows Server, Linux, and macOS. Administration is done via a web-based interface, and users likewise upload and download files securely through a browser.
CVE-2025-47812 stems from the way Wing FTP Server’s user and admin web interfaces mishandle “\0” (i.e., null) bytes, which allows attackers to inject arbitrary Lua code into user session files.
“[The vulnerability] can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts,” the flaw’s CVE record explains.
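The root cause described above belongs to a well-known bug class: a value containing an embedded null byte is treated as one string by a length-aware layer and as a shorter, truncated string by a NUL-terminated consumer, so a check performed by one layer does not cover what the other layer actually uses. The following is an added illustration of that class and of the input-boundary check that closes it; it is not Wing FTP Server code, the article does not describe the product’s internals, and the function names and the sample inputs are constructed for the example.

```python
"""Illustration of the null-byte handling mismatch class (added example, not
Wing FTP Server code).

A value that one layer treats as a length-delimited string and another layer
treats as a C-style NUL-terminated string can look valid to the first layer
while the second layer sees only the prefix before the first "\\0". The
mitigation is to reject embedded NUL bytes at the input boundary, before the
value reaches any file or template writer.
"""


def c_string_view(value: str) -> str:
    """Return what a NUL-terminated consumer would see: everything before the first '\\0'."""
    nul = value.find("\0")
    return value if nul == -1 else value[:nul]


def has_layer_mismatch(value: str) -> bool:
    """True when a length-aware layer and a NUL-terminated layer disagree about the value."""
    return c_string_view(value) != value


def validate_identifier(value: str, max_len: int = 64) -> str:
    """Input-boundary check for a username-like field (hypothetical helper).

    Rejects embedded NUL bytes, other control characters and over-long input
    so that every downstream layer sees the same, fully inspected value.
    """
    if not value:
        raise ValueError("identifier must not be empty")
    if "\0" in value:
        raise ValueError("identifier contains an embedded NUL byte")
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in value):
        raise ValueError("identifier contains control characters")
    if len(value) > max_len:
        raise ValueError("identifier too long")
    return value


# Constructed sample inputs (not real payloads): a benign name and a name whose
# tail would be invisible to a NUL-terminated consumer but present to a
# length-aware one.
SAMPLES = {
    "benign": "alice",
    "embedded_nul": "alice\0trailing-data-after-nul",
}


def audit_samples(samples: dict) -> dict:
    """Run each constructed sample through the boundary check and report the verdict."""
    verdicts = {}
    for name, value in samples.items():
        try:
            validate_identifier(value)
            verdicts[name] = "accepted"
        except ValueError as exc:
            verdicts[name] = f"rejected: {exc}"
    return verdicts


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name}: c_string_view={c_string_view(value)!r} "
              f"mismatch={has_layer_mismatch(value)}")
    print(audit_samples(SAMPLES))
```

The point for defenders is the disagreement itself: whenever `has_layer_mismatch` would be true, any validation performed on the full string says nothing about the prefix another component consumes, so rejecting the byte at the boundary is simpler and more robust than trying to reason about which layer wins.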