Vulnerability cyber

Wing FTP Server

Jul 11, 2025 1 min read
Wing FTP Server

Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server. The vulnerability allows attackers to inject arbitrary Lua code into user session files, potentially leading to total server compromise. Although the attack was spotted quickly and the machine isolated, the incident highlights the ongoing threat. Organizations are advised to update to version 7.4.4 to protect themselves.

Source: https://www.helpnetsecurity.com/2025/07/11/critical-wing-ftp-server-vulnerability-exploited-in-the-wild-cve-2025-47812/

TPRM report: https://scoringcyber.rankiteo.com/company/censysio

"id": "cen429071125",
"linkid": "censysio",
"type": "Vulnerability",
"date": "7/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Various',
                        'type': 'Businesses, MSPs, Hosting Providers'}],
 'attack_vector': 'Exploitation of vulnerability CVE-2025-47812',
 'date_detected': '2025-07-01',
 'date_publicly_disclosed': '2025-06-30',
 'description': 'Threat actors are actively exploiting a recently fixed remote '
                'code execution vulnerability (CVE-2025-47812) in Wing FTP '
                'Server, which allows attackers to execute arbitrary system '
                'commands with the privileges of the FTP service.',
 'impact': {'systems_affected': 'Wing FTP Server'},
 'initial_access_broker': {'backdoors_established': 'New users created for '
                                                    'persistence',
                           'entry_point': 'Anonymous FTP accounts or '
                                          'compromised credentials'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Ensure timely updates and patches to software, monitor '
                    'suspicious activities',
 'motivation': 'Unauthorized access and control',
 'post_incident_analysis': {'corrective_actions': 'Update to Wing FTP Server '
                                                  'v7.4.4, enhance monitoring '
                                                  'and security measures',
                            'root_causes': 'Exploitation of CVE-2025-47812 due '
                                           'to mishandling of null bytes in '
                                           'user and admin web interfaces'},
 'recommendations': 'Update to Wing FTP Server v7.4.4, monitor for suspicious '
                    'activities, and implement robust security measures',
 'references': [{'date_accessed': '2025-07-08',
                 'source': 'Huntress researchers'}],
 'response': {'containment_measures': 'Isolation of the affected machine',
              'remediation_measures': 'Update to Wing FTP Server v7.4.4'},
 'title': 'Exploitation of CVE-2025-47812 in Wing FTP Server',
 'type': 'Remote Code Execution',
 'vulnerability_exploited': 'CVE-2025-47812'}
Published by
Jeremy C
Jeremy C
You might also like
Vulnerability cyber

GeoServer

public 1 min read
A critical remote code execution vulnerability in GeoServer, designated CVE-2024-36401, has been exploited by cybercriminals to deploy cryptocurrency mining malware.…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.