Hackers quickly exploited a critical remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server shortly after its details became public, leveraging the flaw to execute malicious commands and achieve system-level access. Security researchers have observed multiple attack attempts, emphasizing the urgency for affected organizations to update to the patched version 7.4.4 or implement recommended mitigations. #CVE-2025-47812 #WingFTPServer #RemoteCodeExecution
Keypoints
- A critical vulnerability in Wing FTP Server allows unauthenticated remote code execution via null byte and Lua code injection.
- The flaw stems from unsafe handling of null-terminated strings and poor input sanitization, affecting versions 7.4.3 and earlier.
- Attackers use malformed login requests to inject malicious Lua scripts that execute remote payloads on the server.
- Multiple threat actors have targeted vulnerable servers, attempting reconnaissance, persistence, and data exfiltration.
- Organizations are recommended to update server software to version 7.4.4 or apply security measures like disabling web portal access and monitoring session directories.