Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed. The flaw, tracked as CVE-2025-47812, has received the maximum CVSS score of 10.0 and enables unauthenticated remote code execution with root or SYSTEM privileges. Organizations using Wing FTP Server for file transfer operations include major corporations such as Airbus, indicating the potential for significant impact across critical infrastructure sectors.
Source: https://cybersecuritynews.com/wing-ftp-server-vulnerability-exploited/
TPRM report: https://scoringcyber.rankiteo.com/company/airbusgroup
"id": "air819071525",
"linkid": "airbusgroup",
"type": "Vulnerability",
"date": "7/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': ['Aerospace', 'Media', 'Defense'],
'location': ['United States',
'China',
'Germany',
'United Kingdom',
'India'],
'name': ['Airbus', 'Reuters', 'U.S. Air Force'],
'type': 'Corporation'}],
'attack_vector': 'Improper handling of null bytes in the Wing FTP Server’s '
'web interface',
'date_detected': '2025-06-30',
'date_publicly_disclosed': '2025-07-01',
'description': 'A critical vulnerability in Wing FTP Server, tracked as '
'CVE-2025-47812, is being actively exploited. The flaw allows '
'unauthenticated remote code execution with root or SYSTEM '
'privileges.',
'impact': {'systems_affected': ['Wing FTP Server installations']},
'initial_access_broker': {'entry_point': 'Anonymous FTP accounts'},
'lessons_learned': 'Organizations should prioritize upgrading to the latest '
'version of Wing FTP Server, conduct thorough security '
'assessments, and implement additional monitoring to '
'detect potential compromise indicators.',
'motivation': 'Gain complete control over the system',
'post_incident_analysis': {'corrective_actions': 'Upgrading to Wing FTP '
'Server version 7.4.4 or '
'later',
'root_causes': 'Improper handling of null bytes in '
'Wing FTP Server’s web interface'},
'recommendations': 'Immediate patching and implementation of protective '
'measures such as disabling anonymous login and monitoring '
'session directories.',
'references': [{'date_accessed': '2025-07-01', 'source': 'Huntress'},
{'source': 'Censys'},
{'source': 'Shadowserver Foundation'}],
'response': {'communication_strategy': ['Vendor has reportedly contacted '
'customers via email with upgrade '
'guidance'],
'containment_measures': ['Disabling or restricting HTTP/HTTPS '
'access to the Wing FTP web portal',
'Disabling anonymous login '
'functionality',
'Monitoring session directories for '
'suspicious .lua files',
'Implementing network segmentation to '
'limit exposure'],
'enhanced_monitoring': ['Monitoring session directories for '
'suspicious .lua files'],
'network_segmentation': ['Implementing network segmentation to '
'limit exposure'],
'remediation_measures': ['Upgrading to Wing FTP Server version '
'7.4.4 or later']},
'title': 'Active Exploitation of CVE-2025-47812 in Wing FTP Server',
'type': 'Remote Code Execution',
'vulnerability_exploited': 'CVE-2025-47812'}