By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
World of SoftwareWorld of SoftwareWorld of Software
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Search
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
Reading: Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
Share
Sign In
Notification Show More
Font ResizerAa
World of SoftwareWorld of Software
Font ResizerAa
  • Software
  • Mobile
  • Computing
  • Gadget
  • Gaming
  • Videos
Search
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Have an existing account? Sign In
Follow US
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
World of Software > Computing > Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
Computing

Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild

News Room
Last updated: 2025/07/11 at 7:30 AM
News Room Published 11 July 2025
Share
SHARE

Jul 11, 2025Ravie LakshmananCyber Attack / Vulnerability

A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress.

The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null (‘’) bytes in the server’s web interface, which allows for remote code execution. It has been addressed in version 7.4.4.

“The user and admin web interfaces mishandle ‘’ bytes, ultimately allowing injection of arbitrary Lua code into user session files,” according to an advisory for the flaw on CVE.org. “This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).”

Cybersecurity

What makes it even more concerning is that the flaw can be exploited via anonymous FTP accounts. A comprehensive breakdown of the vulnerability entered the public domain towards the end of June 2025, courtesy of RCE Security researcher Julien Ahrens.

Cybersecurity company Huntress said it observed threat actors exploiting the flaw to download and execute malicious Lua files, conduct reconnaissance, and install remote monitoring and management software.

“CVE-2025-47812 stems from how null bytes are handled in the username parameter (specifically related to the loginok.html file, which handles the authentication process),” Huntress researchers said. “This can allow remote attackers to perform Lua injection after using the null byte in the username parameter.”

“By taking advantage of the null-byte injection, the adversary disrupts the anticipated input in the Lua file which stores these session characteristics.”

Evidence of active exploitation was first observed against a single customer on July 1, 2025, merely a day after details of the exploit were disclosed. Upon gaining access, the threat actors are said to have run enumeration and reconnaissance commands, created new users as a form of persistence, and dropped Lua files to drop an installer for ScreenConnect.

Cybersecurity

There is no evidence that the remote desktop software was actually installed, as the attack was detected and stopped before it could progress any further. It’s currently not clear who is behind the activity.

Data from Censys shows that there are 8,103 publicly-accessible devices running Wing FTP Server, out of which 5,004 have their web interface exposed. The majority of the instances are located in the U.S., China, Germany, the U.K., and India.

In light of active exploitation, it’s essential that users move quickly to apply the latest patches and update their Wing FTP Server versions of 7.4.4 or later.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Twitter Email Print
Share
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article There’s just a few more hours to get this Shark vacuum for under £180
Next Article Accel, General Catalyst Topped Increasingly Busy Active Investor Ranks In Q2
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

248.1k Like
69.1k Follow
134k Pin
54.3k Follow

Latest News

Best Carpet Cleaners: I Used Real Life Messes as the Ultimate Test
News
From supermarket to data centers
Mobile
Today’s Your Last Chance to Get AirPods Pro 2 for $149 and AirPods 4 for $89 in Prime Day Sales
News
The Amazfit Active 2, one of our favorite fitness trackers, is just $79.99 right now
News

You Might also Like

Computing

10 Miro Retrospective Templates to Improve Every Sprint

29 Min Read
Computing

How Gas Network’s “Capture the Gap” Game Is Tackling The $1 Billion On-Chain Efficiency Problem | HackerNoon

8 Min Read
Computing

AMD Radeon RX 9070 Ray-Tracing Performance Improving With Mesa 25.2

2 Min Read
Computing

10 Best Acuity Scheduling Alternatives to Try in 2025 |

29 Min Read
//

World of Software is your one-stop website for the latest tech news and updates, follow us now to get the news that matters to you.

Quick Link

  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Topics

  • Computing
  • Software
  • Press Release
  • Trending

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

World of SoftwareWorld of Software
Follow US
Copyright © All Rights Reserved. World of Software.
Welcome Back!

Sign in to your account

Lost your password?