Wing FTP Vulnerability Actively Exploited Globally
bankinfosecurityRemote Code Execution Flaw Affects More Than 5,000 Servers Prajeet Nair (@prajeetspeaks) • July 14, 2025
Threat actors are exploiting a critical-severity vulnerability in a server file transfer solution to execute arbitrary code remotely with root and system privileges.
See Also: OnDemand I Remediate the Most Exploitable Vulnerabilities First and Fast
First disclosed by researcher Julien Ahrens of RCE Security on June 30, the flaw - tracked as CVE-2025-47812 - in Wing FTP Server, stems from improper handling of � - null bytes in Wing FTP's web interface. According to the CVE advisory, the vulnerability affects versions before 7.4.4 and carries a maximum CVSS score of 10.0, underscoring its severity and ease of exploitation.
"This can be used to execute arbitrary system commands with the privileges of the FTP service, root or system by default ...
Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE