Wing FTP Remote Code Execution Vulnerability

Threat Signal Report Wing FTP Remote Code Execution Vulnerability Description What is the Vulnerability? CVE-2025-47812 is a recently disclosed Remote Code Execution (RCE) vulnerability impacting Wing FTP Server, a cross-platform file transfer solution. This critical flaw affects versions prior to 7.4.4, and, if successfully exploited, may allow remote attackers to execute arbitrary code within the context of the vulnerable application. The vulnerability stems from null byte handling issues and a Lua injection flaw, which can lead to root or SYSTEM-level code execution.CISA has added CVE-2025-47812 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation on July 14, 2025. What is the recommended Mitigation? The vendor has released a patch addressing the issue. There are already reports of the vulnerability being actively exploited in the wild, which underscores the urgency for affected users to update their systems immediately. What FortiGuard Cove...