A critical vulnerability in Wing FTP Server allows attackers to execute code remotely without authentication, risking complete server compromise. Organizations running versions up to 7.4.3 must update to version 7.4.4 to stay protected. #WingFTPServer #CVE-2025-47812
Key points
- The vulnerability affects Wing FTP Server versions up to and including 7.4.3.
- The flaw stems from improper handling of NULL bytes in the /loginok.html endpoint, which enables arbitrary Lua code execution.
- The flaw allows full server takeover, especially if anonymous access is enabled; the injected code runs with high privileges.
- Updating to Wing FTP Server version 7.4.4 is recommended to mitigate the risk.
- Strong access controls and monitoring are crucial for enhanced security.
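
A defensive check for the condition described above, as an added example that is not from the original article or from Wing FTP Server: it flags requests to /loginok.html whose form or query fields carry a NUL byte, whether literal or percent-encoded. The field names and sample requests are constructed, and the case-insensitive path match and the decoding depth are assumptions.

```python
from urllib.parse import unquote_to_bytes, urlsplit

TARGET_PATH = "/loginok.html"  # endpoint named in the summary above


def _has_nul(raw: bytes, max_rounds: int = 3) -> bool:
    """True if raw holds a NUL byte literally or after up to max_rounds percent-decodes."""
    for _ in range(max_rounds + 1):
        if b"\x00" in raw:
            return True
        decoded = unquote_to_bytes(raw)
        if decoded == raw:  # nothing left to decode
            return False
        raw = decoded
    return False


def nul_fields(method: str, target: str, body: bytes = b"") -> list:
    """Names of query/form fields with a NUL byte in a request to TARGET_PATH."""
    parts = urlsplit(target)
    if parts.path.lower() != TARGET_PATH:  # assumption: path matched case-insensitively
        return []
    raw = parts.query.encode()
    if method.upper() == "POST":
        raw += b"&" + body  # assumption: url-encoded form body
    hits = []
    for pair in raw.split(b"&"):
        if not pair:
            continue
        name, _, value = pair.partition(b"=")
        if _has_nul(name) or _has_nul(value):
            # Report the field name up to any NUL it contains itself.
            hits.append(unquote_to_bytes(name).split(b"\x00")[0].decode("latin-1"))
    return hits


# Constructed sample requests (method, request target, body); not captured traffic.
SAMPLES = [
    ("POST", "/loginok.html", b"username=alice&password=x"),
    ("POST", "/loginok.html", b"username=anonymous%00TRAILING&password="),
    ("POST", "/loginok.html", b"username=bob%2500TRAILING&password=x"),
    ("POST", "/login.html", b"username=a%00b"),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        fields = nul_fields(method, target, body)
        print("ALERT" if fields else "ok   ", method, target, fields)
```

The same test can run in a reverse proxy or WAF rule in front of servers that cannot be upgraded to 7.4.4 immediately; a hit on this endpoint is worth an alert because ordinary logins have no reason to contain a NUL byte.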
Read More: https://gbhackers.com/wing-ftp-server-vulnerability/