What is the Vulnerability?CVE-2025-47812 is a recently disclosed Remote Code Execution (RCE) vulnerability impacting Wing FTP Server, a cross-platform file transfer solution. This critical flaw affects versions prior to 7.4.4, and, if successfully exploited, may allow remote attackers to execute arbitrary code within the context of the vulnerable application. The vulnerability stems from null byte handling issues and a Lua injection flaw, which can lead to root or SYSTEM-level code execution.CISA has added CVE-2025-47812 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation on July 14, 2025.What is the recommended Mitigation?The vendor has released a patch addressing the issue. There are already reports of the vulnerability being actively exploited in the wild, which underscores the urgency for affected users to update their systems immediately.https://www.wftpserver.com/serverhistory.htmWhat FortiGuard Coverage is available?FortiGuard Endpoint Vulnerability Service offers a systematic and automated method for patching applications on endpoints, eliminating manual processes while reducing the attack surface. https://www.fortiguard.com/encyclopedia/endpoint-vuln/6173Indicators of Compromise (IOC) Service FortiGuard Labs has blocked all the known Indicators of Compromise (IOCs) linked to the campaigns targeting the Wing FTP Remote Code Execution Vulnerability (CVE-2025-47812).FortiGuard IPS coverage is currently under evaluation and will be added once available.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.Read More
Wing FTP Remote Code Execution Vulnerability
by
Tags: