CVE-2025-47812

CVSS 10 (Critical) · EPSS 95.3% · KEV · CWE-158
In short

Wing FTP Server has a critical flaw: null bytes passed through its web interface let an attacker inject Lua code into user session files, which leads to complete server takeover. It is exploitable remotely, including through anonymous FTP accounts.

Technical detail

The vulnerability stems from improper handling of null ('\0') bytes in Wing FTP Server's user and admin web interfaces, which allows injection of arbitrary Lua code into user session files. Successful exploitation yields remote code execution with the privileges of the FTP service (root or SYSTEM by default); it requires only network access, and no authentication at all if anonymous FTP is enabled.

Summary generated and translated by AI from the official description.
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
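An added illustration, not Wing FTP's own code: a toy model of the bug class, in which a check applied to a NUL-truncated view of the input passes a string whose tail is later written into a Lua session file, beside a whole-string check and a Lua string-literal encoder that keeps such input as data rather than code. The `session_line` format is a placeholder assumption (the real session-file layout is not on the page), and `is_affected_version` encodes only the advisory's "before 7.4.4" boundary.

```python
import re

FIXED_VERSION = (7, 4, 4)  # advisory: versions before 7.4.4 are affected


def is_affected_version(version: str) -> bool:
    """True if a Wing FTP Server version string is below 7.4.4."""
    nums = [int(p) for p in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))
    return tuple(nums) < FIXED_VERSION


def c_string_view(value: str) -> str:
    """Toy model of the defect: a C-style check sees the input only up to the
    first NUL, while the full buffer is written out later. Not Wing FTP's code."""
    return value.split("\0", 1)[0]


def check_like_c(value: str) -> bool:
    """Check applied to the truncated view: a benign prefix hides the rest."""
    return re.fullmatch(r"[A-Za-z0-9_.-]+", c_string_view(value)) is not None


def check_full_string(value: str) -> bool:
    """Hardened check: validate the whole string; NUL is never acceptable."""
    return "\0" not in value and re.fullmatch(r"[A-Za-z0-9_.-]+", value) is not None


def lua_quote(value: str) -> str:
    """Serialize value as a Lua double-quoted string literal so that whatever it
    contains (NUL, quotes, newlines) stays data when the file is loaded as Lua.
    Every byte outside printable ASCII is written as a three-digit \\ddd escape."""
    out = []
    for b in value.encode("utf-8"):
        if b == 0x5C:            # backslash
            out.append("\\\\")
        elif b == 0x22:          # double quote
            out.append('\\"')
        elif 0x20 <= b <= 0x7E:  # printable ASCII passes through
            out.append(chr(b))
        else:                    # NUL, newline, other control and non-ASCII bytes
            out.append("\\%03d" % b)
    return '"' + "".join(out) + '"'


def session_line(username: str) -> str:
    """Hypothetical session-file line; the format is an assumption for illustration."""
    return "username = " + lua_quote(username)
```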
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
