CVE-2025-47812 is a critical vulnerability in Wing FTP Server versions prior to 7.4.4 that allows attackers to execute arbitrary commands on the server without authentication by exploiting improper input validation.
Exploiting this vulnerability can allow an attacker to gain complete control over the affected system. This includes accessing sensitive data, modifying or deleting system resources, and lateral movement.
Impact
Successful exploitation of the Null Wing FTP Server RCE (CVE-2025-47812) vulnerability can lead to:
Bypassing authentication, even with an anonymous, read-only account.
Remote code execution as the root user on Linux or the SYSTEM user on Windows.
Injection and execution of arbitrary Lua code by an attacker.
Complete control over the affected system, including access to sensitive data, modification or deletion of system resources, and potential for further attacks.
Mitigations
Upgrade to the latest patched version of Wing FTP.
Implement a continuous find, fix, and verify loop with NodeZero
The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to prioritize and fix them, and having you immediately verify that your fixes are effective.