CISA Warns of Wing FTP Server Vulnerability Actively Exploited in Attacks
- From site: Vulnerability (cybersecuritynews.com)
Author: Kaaviya
CISA has issued an urgent warning about a critical vulnerability in Wing FTP Server that is being actively exploited by cybercriminals.
The vulnerability, tracked as CVE-2025-47812, poses significant risks to organizations using this popular file transfer solution and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with an immediate remediation deadline.
Key Takeaways
1. CVE-2025-47812 in Wing FTP Server allows arbitrary Lua code injection through improper null byte handling.
2. Enables attackers to execute system commands with root/SYSTEM privileges, achieving complete server control.
3. Currently being exploited in real-world attacks, added to CISA's KEV catalog July 14, 2025.
4. Organizations must patch, follow BOD 22-01 guidance, or discontinue use by August 4, 2025.
Wing FTP Server Null Byte Vulnerability
The Wing FTP Server vulnerability is an improper neutralization of null byte (NUL character) weakness, classified as CWE-158 (Improper Neutralization of Null Byte or NUL Character).
Because the NUL byte is not neutralized, an attacker can inject arbitrary Lua code into user session files, bypassing the security controls that are meant to prevent code execution.
The technical impact of this vulnerability is particularly severe because it enables attackers to execute arbitrary system commands with the elevated privileges of the FTP service.
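To make the weakness class concrete, the following is an added Python illustration of the CWE-158 pattern the article names: an untrusted value is validated through a C-string view (which stops at the first NUL) but then written in full into a Lua session file, shown beside a hardened writer that rejects NUL bytes and escapes the value before it reaches the file. This is example code written for this page; it is not Wing FTP Server code, it does not reproduce CVE-2025-47812, and the session-file layout, the `username` field, the allow-list regex and the sample inputs are constructed assumptions.

```python
"""
Illustration of CWE-158 (improper neutralization of NUL bytes) in the
setting the article describes: untrusted input that ends up inside a
Lua session file.  Added example; not Wing FTP Server code and not a
reproduction of CVE-2025-47812.  The session-file layout, field name,
allow-list and sample inputs below are constructed for the demonstration.
"""
from __future__ import annotations
import re


def c_string_view(raw: bytes) -> bytes:
    """Mimic a C-style string: everything after the first NUL is invisible."""
    nul = raw.find(b"\x00")
    return raw if nul < 0 else raw[:nul]


# Constructed allow-list for a username (assumption, not the product's rule).
USERNAME_RE = re.compile(rb"^[A-Za-z0-9_.-]{1,32}$")


def naive_session_line(raw_username: bytes) -> bytes:
    """Vulnerable pattern: validate the C-string view, then write the full buffer.

    The allow-list check is satisfied by the bytes before the NUL, but the
    writer copies the whole buffer, so bytes hidden after the NUL reach the
    Lua file unvalidated.  This mismatch is what CWE-158 describes.
    """
    if not USERNAME_RE.match(c_string_view(raw_username)):
        raise ValueError("username rejected")
    return b'username = "' + raw_username + b'"\n'


class UnsafeValue(ValueError):
    """Raised by the hardened path when a value must not be serialized."""


def lua_string_literal(raw: bytes) -> bytes:
    """Hardened: reject NUL outright, then escape for a Lua double-quoted string."""
    if b"\x00" in raw:
        raise UnsafeValue("NUL byte in untrusted value")
    # Escape the backslash first, then the quote and line terminators, so a
    # value can never close the literal or begin a new Lua statement.
    out = raw.replace(b"\\", b"\\\\").replace(b'"', b'\\"')
    out = out.replace(b"\n", b"\\n").replace(b"\r", b"\\r")
    return b'"' + out + b'"'


def safe_session_line(raw_username: bytes) -> bytes:
    """Validate the full byte sequence, never a truncated view of it."""
    if not USERNAME_RE.match(raw_username):
        raise UnsafeValue("username rejected")
    return b"username = " + lua_string_literal(raw_username) + b"\n"


def session_file_has_nul(content: bytes) -> bool:
    """Detection aid: a legitimate text session file should never contain NUL."""
    return b"\x00" in content


if __name__ == "__main__":
    clean = b"alice"
    # Constructed input: a valid-looking name, a NUL, then extra bytes.
    hidden = b"alice\x00trailing-bytes"
    print(naive_session_line(clean))
    print(naive_session_line(hidden))   # accepted; the hidden tail is written
    print("NUL present:", session_file_has_nul(naive_session_line(hidden)))
    print(safe_session_line(clean))
    try:
        safe_session_line(hidden)
    except UnsafeValue as exc:
        print("hardened writer:", exc)
```

The defensive lesson is the pairing of two checks: validate the same byte sequence that will be written (never a length-truncated view of it), and treat any NUL byte in a value destined for a text-format file as a hard rejection rather than something to strip. The `session_file_has_nul` helper is the simplest audit check a team can run over existing session directories while a patch is being rolled out.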
CISA added CVE-2025-47812 to its KEV catalog on July 14, 2025, indicating that the vulnerability is not merely theoretical but is being actively exploited in real-world attacks.
Organizations using Wing FTP Server have until August 4, 2025 to implement necessary mitigations or face potential compliance issues with federal binding operational directives.
The agency has mandated that organizations must “apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”
This directive underscores the severity of the threat and the urgent need for immediate action.
Risk Factors
Affected Products: Wing FTP Server
Impact: Arbitrary Lua code injection into user session files
Exploit Prerequisites:
- Access to the Wing FTP Server interface
- Ability to supply null byte/NUL characters
- User session interaction capability
CVSS 3.1 Score: 10.0 (Critical)
Recommended Actions
While CISA has not yet confirmed whether CVE-2025-47812 is being used in ransomware campaigns, the vulnerability’s characteristics make it an attractive target for ransomware operators.
The ability to execute arbitrary commands with system-level privileges provides an ideal entry point for deploying ransomware payloads and establishing persistent access to compromised networks.
Organizations should immediately check their Wing FTP Server installations and consult the vendor's security advisories, published on the official server history page.
IT security teams must prioritize patching this vulnerability, implement network segmentation to limit exposure, and monitor for suspicious activities that might indicate exploitation attempts.
The rapid addition of this vulnerability to CISA’s KEV catalog reflects the evolving threat landscape where file transfer servers have become prime targets for cybercriminals seeking to compromise organizational infrastructure.