InfoSecBulletin Cybersecurity for mankind
Security researchers warn that hackers are exploiting a critical vulnerability in Wing FTP Server to gain control of affected systems.
The vulnerability identified as CVE-2025-47812 can allow remote code execution at the root level due to a null byte and Lua injection issue, according to Huntress researchers.
Node.js Flaws Expose Windows Apps to Path Traversal & HashDoS Attacks
Broadcom fixes multiple vulnerabilities in VMware ESXi, Workstation, and Fusion
Oracle Patched 309 Vulnerabilities with 145 Remotely Exploitable Flaw
Microsoft Extends 365 Support Until 2028 with ESU Program
Meta’s $100B AI Push: Gigawatt-Size Data Centers Spark Water Crisis
4 vulns impact Gigabyte motherboards to UEFI malware bypassing Secure Boot
Wing FTP 2000+ Servers Exposed Online: Actively Exploiting
CVE-2025-7503 (CVSS 10)
Backdoor in popular IP Camera Allows Hackers Root Access
(CVE-2025-25257)
Patch Urgently! Exploits for pre-auth Fortinet FortiWeb RCE flaw released
GP launched appless ‘GP Shield’ to protect mobile for only 50 TK
Huntress researchers noticed a customer being exploited on July 1, just one day after the previous vulnerability research was published.
Attackers can exploit the vulnerability by crafting a specific input in Lua, the programming language used for handling sessions in Wing FTP.
Wing FTP has about 10,000 customers, including major companies. They informed Cybersecurity Dive that they’ve emailed customers with instructions to fix the vulnerability through an upgrade.
Shadowserver Foundation researchers noted that exploitation of a vulnerability has been occurring since July 1. They estimate about 2,000 computers use Wing FTP and are currently identifying how many may be vulnerable.
The U.S., China and Germany have the most potential exposures, according to Shadowserver.
RCE Security said it discovered the problem while performing a test for one of its customers.
The company warned that the flaw could enable root-level access, allowing attackers to gain significant control.
“Ultimately, this means that an unauthenticated attacker can escalate their privileges to the highest possible ones, which usually always means a total server compromise, including all secrets such as passwords,” said Julien Ahrens, a penetration tester at RCE security. “They can read, modify and delete any file.”
This could not only enable data to be quietly exfiltrated, but systems are also potentially vulnerable to ransomware.
