Hackers are exploiting a critical vulnerability in Wing FTP Server (CVE-2025-47812) that allows remote code execution through null byte injection and Lua code manipulation. This flaw affects versions up to 7.4.3 and has led to targeted attacks, with potential risks for thousands of exposed servers. #WingFTPServer #CVE202547812
Keypoints
- The vulnerability involves mishandling of null bytes, enabling arbitrary Lua code injection.
- Exploitation can lead to full server compromise by executing malicious commands remotely.
- Attackers can exploit the flaw using an anonymous FTP account or a crafted username during login.
- A patch was released in version 7.4.4, but attackers began exploiting the vulnerability shortly after disclosure.
- Indicators of compromise include suspicious activity in the Wing FTP installation folder and log files.
Read More: https://www.securityweek.com/critical-wing-ftp-server-vulnerability-exploited/