CVE-2025-47812 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-07-10

Added to CISA KEV: 2025-07-14 4 DAYS BETWEEN CVE AND KEV

⚠️ CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity before patching
IMMEDIATE: Upgrade Wing FTP Server to version 7.4.4 or later
URGENT: If immediate patching is not possible, temporarily disable or restrict network access to Wing FTP Server instances
Monitor for unauthorized access attempts and unusual system activity on FTP servers
Implement network segmentation to limit exposure of FTP servers
Review and harden FTP server configurations, disable anonymous access if not required

Vulnerability Alert: CVE-2025-47812: Wing FTP Server Remote Code...
... internet-facing Wing FTP Server instances are currently vulnerable ... Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812).
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being ...
Critical vulnerability (CVE-2025-47812) in Wing FTP Server exposed to active exploitation via Lua injection. Immediate patching needed.
Known Exploited Vulnerabilities Catalog | CISA
CVE-2025-47812.This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).
CVE-2025-47812 - Vulnerability Details - OpenCVE
This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
Hackers are exploiting critical RCE flaw in Wing FTP Server
Threat researchers at managed cybersecurity platform Huntress created a proof-of-concept exploit for CVE-2025-47812 and show in the video below how hackers could leverage it in attacks:

🔴 CVE-2025-47812