Wing FTP Flaw Exploited as 2,000 Servers Exposed Online
A critical security flaw in Wing FTP Server is under active exploitation, according to researchers who confirmed that attacks began just one day after technical details were published. Tracked as CVE-2025-47812, the vulnerability carries a maximum CVSS score of 10.0 and allows unauthenticated remote code execution with root or SYSTEM privileges. Security teams have warned that the flaw could give an attacker full system control through a specially crafted HTTP POST request.
The vulnerability stems from improper handling of null bytes in the loginok.html endpoint, which leads to Lua code injection. Attackers can bypass authentication and execute arbitrary commands. Huntress researchers observed five coordinated IP addresses targeting a system within hours of disclosure. These incidents highlight the severity of the threat.
More than 2,000 servers remain exposed online. Organizations are urged to update to version 7.4.4 immediately.
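For defenders reviewing traffic to an exposed server, the following added example (not from the original report or from Wing FTP) flags POST requests to loginok.html whose body contains a null byte, raw or percent-encoded. It assumes a reverse proxy or WAF that records request bodies; the record layout, field names and sample values are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Constructed sample records (not real traffic): source IP, method, path, raw body.
# The tuple layout and the form field names are hypothetical.
SAMPLE_RECORDS = [
    ("203.0.113.10", "POST", "/loginok.html", b"user=alice&pass=secret"),
    ("203.0.113.20", "POST", "/loginok.html", b"user=a%00b&pass="),
    ("203.0.113.20", "POST", "/loginok.html?lang=en", b"user=a%2500b&pass="),
    ("203.0.113.30", "POST", "/LoginOK.html", b"user=a\x00b&pass="),
    ("203.0.113.40", "POST", "/upload.html", b"data=%00"),
    ("203.0.113.50", "GET", "/loginok.html", b""),
]

MAX_DECODE_ROUNDS = 3  # how many layers of percent-encoding to peel back


def has_null_byte(body: bytes) -> bool:
    """True if the body holds a NUL, raw or under up to MAX_DECODE_ROUNDS encodings."""
    current = body
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if b"\x00" in current:
            return True
        decoded = unquote_to_bytes(current)
        if decoded == current:  # nothing left to decode
            return False
        current = decoded
    return False


def is_login_post(method: str, path: str) -> bool:
    """True for a POST to loginok.html; query string and letter case are ignored
    (case-insensitive matching is a conservative assumption)."""
    endpoint = path.split("?", 1)[0].rstrip("/").lower()
    return method.upper() == "POST" and endpoint.endswith("/loginok.html")


def find_suspicious(records):
    """Return {source_ip: count} of login POSTs whose body carries a null byte."""
    hits = defaultdict(int)
    for src, method, path, body in records:
        if is_login_post(method, path) and has_null_byte(body):
            hits[src] += 1
    return dict(hits)


if __name__ == "__main__":
    for src, count in sorted(find_suspicious(SAMPLE_RECORDS).items()):
        print(f"{src}: {count} POST(s) to loginok.html with a null byte in the body")
```

A hit is a lead for investigation rather than proof of compromise, and the check sees nothing if the proxy does not log request bodies.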
Read the full report at: https://cybersecuritynews.com/wing-ftp-server-vulnerability-exploited/
