Wing FTP Server Critical RCE (CVE-2025-47812)

A critical, unauthenticated RCE (CVE-2025-47812) in Wing FTP Server is under active exploitation. Users of versions 7.4.3 and earlier must update immediately, or risk full system takeover via crafted FTP sessions.

Overview

CVE-2025-47812 is a critical flaw in Wing FTP Server versions 7.4.3 and earlier. Attackers exploit it via null-byte injection in the username field, allowing execution of arbitrary Lua code as SYSTEM or root on vulnerable servers.

Impact

  • No authentication required: attackers can probe and exploit servers remotely.
  • Affects over 10,000 organizations, including Airbus and the U.S. Air Force.
  • Enables privilege escalation, reconnaissance, persistence, and full server takeover.

Mitigation Steps

  1. Update to Wing FTP 7.4.4 immediately.
  2. Until the patch can be applied, disable HTTP/HTTPS access and anonymous login.
  3. Monitor session directories and logs for suspicious activity.
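One way to act on step 3, as an added example that is not part of the advisory and not Wing FTP's own tooling: scan login log lines for usernames that carry the NUL-byte marker described above or Lua calls that have no place in a login name. The log line format and the list of Lua calls are assumptions for this example; adapt the regex to the real log layout.

```python
import re
from typing import Iterable, NamedTuple

# Assumed log format for this example, not Wing FTP's own: one login attempt per line, e.g.
#   2025-07-11T10:02:13Z LOGIN user="alice" ip=203.0.113.5 result=ok
LOGIN_LINE = re.compile(r'LOGIN user="(?P<user>.*?)" ip=(?P<ip>\S+) result=(?P<result>\w+)')

# How a NUL byte can survive into a text log: raw, URL-encoded, or as a C-style escape
NUL_FORMS = ("\x00", "%00", "\\x00", "\\0")

# Lua calls that have no place in a login name; the list is an assumption, extend it as needed
LUA_CALLS = re.compile(r"(os\.execute|io\.popen|os\.getenv|dofile|load(?:string)?)\s*\(")

class Finding(NamedTuple):
    line_no: int
    ip: str
    user: str
    reasons: tuple[str, ...]

def username_reasons(user: str) -> tuple[str, ...]:
    """Reasons a login name looks like an injection attempt; empty tuple means benign."""
    reasons = []
    if any(form in user for form in NUL_FORMS):
        reasons.append("nul-byte")   # the truncation trick the advisory describes
    if LUA_CALLS.search(user):
        reasons.append("lua-call")   # code where a name should be
    return tuple(reasons)

def scan_log(lines: Iterable[str]) -> list[Finding]:
    """Flag suspicious usernames whether or not the login succeeded: the flaw needs no
    valid credentials, so a 'fail' line is still evidence that the field was probed."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOGIN_LINE.search(line)
        if m and (reasons := username_reasons(m["user"])):
            findings.append(Finding(n, m["ip"], m["user"], reasons))
    return findings

# Constructed sample lines: two benign logins, a NUL-byte probe, a Lua-laced name
SAMPLE_LOG = [
    '2025-07-11T10:02:13Z LOGIN user="alice" ip=203.0.113.5 result=ok',
    '2025-07-11T10:02:40Z LOGIN user="anonymous" ip=198.51.100.7 result=ok',
    '2025-07-11T10:03:02Z LOGIN user="bob%00probe" ip=198.51.100.9 result=fail',
    '2025-07-11T10:03:05Z LOGIN user="x\\x00os.execute(\'id\')" ip=198.51.100.9 result=fail',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.ip} user={f.user!r} reasons={','.join(f.reasons)}")
```

A hit on an unpatched server is a reason to pull the session directory for that source address and check it for unexpected Lua before assuming the probe failed.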

ThreatGrid Takeaways

  • RCE in enterprise file-transfer services is a high-risk, high-impact threat.
  • Organizations must balance speed and caution—patch quickly, but isolate/monitor systems until safe.
  • Combined with other misconfigurations, this vulnerability can lead to deep network intrusion.