Ethical Hacking News
Recent discovery of a severe vulnerability in Wing FTP Server highlights the importance of timely patching and keeping software up-to-date. Experts warn that organizations should update to version 7.4.4 as soon as possible to prevent exploitation of CVE-2025-47812.
The Wing FTP Server has a severe vulnerability (CVE-2025-47812) rated at 10.0 on the Common Vulnerability Scoring System (CVSS). The vulnerability was publicly disclosed on May 14, but its findings were published by security researchers on June 30. The main issue with Wing FTP Server is its handling of null bytes in the username field, which can lead to the execution of Lua code and arbitrary commands on the affected system as root. The attackers behind the discovery used publicly available information about the vulnerability to craft their exploit code and were not sophisticated in their approach. Microsoft Defender blocked an attacker's attempted execution of a trojan, thwarting their attempts to exploit the vulnerability. Organizations should update to version 7.4.4 of Wing FTP Server as soon as possible to prevent exploitation of the vulnerability.
The recent discovery of a severe vulnerability in the Wing FTP Server has sent shockwaves through the cybersecurity community. The bug, identified as CVE-2025-47812, is rated at 10.0 on the Common Vulnerability Scoring System (CVSS), making it one of the most critical vulnerabilities to be discovered in recent times.
According to reports, the vulnerability was publicly disclosed on May 14, but it took over a month for security researchers to publish their findings until June 30. The discovery was made by RCE Security, a group of experts who specialize in identifying and reporting vulnerabilities in software applications.
The main issue at play is the way Wing FTP handles null bytes in the username field. When an attacker appends a username input with a %00 null byte, it can lead to the execution of Lua code, which can then be injected into session object files and deserialized by the application. This essentially allows an attacker to execute arbitrary commands on the affected system as root.
The researchers behind the discovery noted that despite the severity of the vulnerability, the attackers did not seem too sophisticated in their approach. The attackers typically use publicly available information about a vulnerability to craft their own exploit code, and it appears that they used the public disclosure of the Wing FTP Server vulnerability in this instance.
Huntress security researchers observed that the attackers began trying to connect to the affected system's Wing FTP server within 24 hours of the public disclosure. By the second day, three attackers had already attempted to connect, with a fourth entering the fray about six and a half hours later. The fourth attacker was unable to execute commands successfully due to "poorly constructed" attempts, but they did manage to enumerate files, create new users, and establish persistent remote access.
The researchers noted that several command execution attempts failed due to "rookie errors," including attempting to use curl mid-attack and trying to download a trojan. However, the attackers were eventually thwarted when Microsoft Defender blocked their attempted execution of the trojan.
This incident highlights the importance of timely patching and keeping software up-to-date. Wing FTP Server has already released version 7.4.4, which patches the CVE-2025-47812 vulnerability. Huntress security researchers emphasized that organizations should update to this version as soon as possible to prevent exploitation of the vulnerability.
Furthermore, this incident underscores how legacy protocols can harbor hidden risks. The use of FTP has been around since the early 1970s and was not initially designed with security in mind. However, secure alternatives such as SFTP (Secure File Transfer Protocol) and managed file transfer solutions have become increasingly popular in recent years.
In conclusion, the discovery of CVE-2025-47812 in Wing FTP Server serves as a reminder of the importance of staying vigilant and up-to-date with software patches. As security researchers continue to identify vulnerabilities in software applications, it is crucial for organizations to take swift action to remediate these issues before they can be exploited by attackers.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Wing-FTP-Server-Vulnerability-A-Case-Study-of-Exploitation-and-Remediation-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/07/11/1010_wing_ftp_bug_exploited/
Published: Fri Jul 11 14:11:45 2025 by llama3.2 3B Q4_K_M
