CISA Issues Alert on Actively Exploited Wing FTP Server Vulnerability
gbhackers
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Wing FTP Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the security flaw in the wild.
Critical Security Flaw Enables System Takeover
The vulnerability, tracked as CVE-2025-47812, affects Wing FTP Server and involves improper neutralization of null bytes (NUL characters).
This weakness allows attackers to inject arbitrary Lua code into user session files, potentially leading to complete system compromise.
The flaw is particularly dangerous because it can enable attackers to execute arbitrary system commands with the elevated privileges of the FTP service, typically running as root on Linux systems or SYSTEM on Windows platforms.
The vulnerability is classified under CWE-158, Improper Neutralization of Null Byte or NUL Character.
This type of security flaw can be exploited when applications fail to properly handle null bytes in ...
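An added illustration of the CWE-158 pattern described above, not code from Wing FTP Server or from the original article: a check that sees only the bytes before the first NUL approves input whose remainder would still be stored, shown beside a check over the full byte string. The allow-list, function names and sample inputs are assumptions constructed for this example.

```python
import re

# Hypothetical allow-list for account names; not Wing FTP Server's actual rule.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def c_string_view(raw: bytes) -> bytes:
    """What a NUL-terminated (C string) API sees: the bytes before the first NUL."""
    return raw.split(b"\x00", 1)[0]


def weak_accepts(raw: bytes) -> bool:
    """Flawed check: validates only the C-string view of the input."""
    seen = c_string_view(raw).decode("ascii", "replace")
    return SAFE_NAME.fullmatch(seen) is not None


def strict_accepts(raw: bytes) -> bool:
    """Hardened check: validates the full byte string that will be stored."""
    if b"\x00" in raw:
        return False  # reject outright; stripping the NUL would hide the attempt
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return False
    return SAFE_NAME.fullmatch(text) is not None


def unvalidated_tail(raw: bytes) -> bytes:
    """Bytes a length-aware writer would store that the weak check never saw."""
    return raw[len(c_string_view(raw)):]


# Constructed sample inputs (not captured traffic).
SAMPLES = [b"alice", b"alice\x00<unchecked text>", b"bob smith", b""]


def audit(samples):
    """Return (input, weak verdict, strict verdict, unvalidated byte count) per sample."""
    return [
        (raw, weak_accepts(raw), strict_accepts(raw), len(unvalidated_tail(raw)))
        for raw in samples
    ]


if __name__ == "__main__":
    for raw, weak, strict, tail in audit(SAMPLES):
        print(f"{raw!r:32} weak={weak!s:5} strict={strict!s:5} unvalidated_bytes={tail}")
```

Any row where the weak verdict is true and the unvalidated byte count is non-zero marks input that reaches storage without ever being checked.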
Copyright of this story solely belongs to gbhackers.