
"Via CVE-2025-47813, an attacker can use the loginok.html page and a specially crafted session cookie to determine the software's full local installation path. This information can be used in subsequent attacks."
"By injecting a null byte (%00) into the username field, attackers can execute arbitrary Lua code with root/SYSTEM privileges on the server. The vulnerability can even be exploited via anonymous FTP accounts."
"Security firm Huntress documented active exploitation as early as July 1 of last year, just one day after the public disclosure of CVE-2025-47812. It is estimated that around 5,000 internet-accessible servers were vulnerable at that time."
CISA has issued a warning about active exploitation of CVE-2025-47813 in Wing FTP Server, a vulnerability allowing attackers to determine the software's local installation path through a specially crafted session cookie on the loginok.html page. This flaw is particularly dangerous when combined with CVE-2025-47812, a critical vulnerability with a maximum CVSS score of 10.0 that enables arbitrary Lua code execution with root/SYSTEM privileges. Attackers can exploit CVE-2025-47812 by injecting a null byte into the username field, even through anonymous FTP accounts. Both vulnerabilities were discovered by researcher Julien Ahrens and have been actively exploited since July, affecting approximately 5,000 internet-accessible servers. Security patches are available in Wing FTP Server version 7.4.4.
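As an added defender-side illustration (not from the article and not Wing FTP Server's own code), the following Python flags login records whose submitted username carries a null byte, whether raw, URL-encoded (`%00`) or double-encoded (`%2500`). The log format, field names and sample lines are constructed assumptions for the example; adapt the regular expression to the real log source.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in an assumed application auth-log format
# (not the product's real log format); the field names are assumptions.
# The fifth line carries a raw NUL inside the username.
SAMPLE_LOG = """\
2025-07-01T10:00:01Z login src=203.0.113.5 page=loginok.html user="alice"
2025-07-01T10:00:02Z login src=203.0.113.9 page=loginok.html user="anonymous%00x"
2025-07-01T10:00:03Z login src=198.51.100.7 page=loginok.html user="bob"
2025-07-01T10:00:04Z login src=203.0.113.9 page=loginok.html user="anonymous%2500x"
2025-07-01T10:00:05Z login src=203.0.113.11 page=loginok.html user="car\x00ol"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) login src=(?P<src>\S+) page=(?P<page>\S+) user="(?P<user>.*)"$'
)


def contains_null_byte(value: str, max_decode: int = 3) -> bool:
    """True if value holds a NUL after up to max_decode rounds of URL-decoding.

    Repeated decoding catches double-encoded %2500 as well as plain %00;
    decoding stops early once a round changes nothing.
    """
    current = value
    for _ in range(max_decode + 1):
        if "\x00" in current:
            return True
        decoded = unquote(current)
        if decoded == current:
            return False
        current = decoded
    return False


def scan_log(text: str) -> list[tuple[str, str, str]]:
    """Return (timestamp, source, username) for each login whose username carries a NUL."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not login records
        if contains_null_byte(m.group("user")):
            hits.append((m.group("ts"), m.group("src"), m.group("user")))
    return hits


if __name__ == "__main__":
    for ts, src, user in scan_log(SAMPLE_LOG):
        print(f"{ts} NUL in username from {src}: {user!r}")
```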
Read at Techzine Global