Close Menu
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
What's Hot

Fortinet releases patches for important SQL injection defects in Fortiweb (CVE-2025-25257)

YC Back Apolink by 19-year-old Bag $4.3 million to build a 24/7 connection for Leo satellite

Helios wants to be an AI operating system for public policy experts

Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
Facebook X (Twitter) Instagram
Fyself News
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
Fyself News
Home » Critical Wing FTP Server Vulnerability (CVE-2025-47812)
Identity

Critical Wing FTP Server Vulnerability (CVE-2025-47812)

userBy userJuly 11, 2025No Comments2 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

July 11, 2025Ravi LakshmananCyber ​​Attacks/Vulnerability

Critical Wing FTP Server Vulnerability

According to Huntress, the most recent disclosed security flaw affecting Wing FTP servers is subject to aggressive exploitation in the wild.

The vulnerability tracked as CVE-2025-47812 (CVSS score: 10.0) is a case of improper handling of null (‘\0’) bytes in the server’s web interface, allowing remote code execution. Addressed in version 7.4.4.

According to the cve.org flaw advisory, “The user and administrator web interface can explor “\0″ bytes and ultimately inject any LUA code into the user session file.” “This can be used to run any system command using privileges on the FTP service (root or system by default).”

Cybersecurity

What’s even more concerning is that flaws can be exploited through anonymous FTP accounts. A comprehensive breakdown of vulnerabilities was in the public domain until the end of June 2025, courtesy of RCE security researcher Julien Arlens.

Cybersecurity company Huntress said threat actors have been observed to download and run malicious LUA files, carry out reconnaissance and exploit the flaws to install remote monitoring and management software.

“CVE-2025-47812 is due to how nullbytes are handled in username parameters (particularly related to the loginok.html file that handles the authentication process),” Huntress researchers said. “This allows remote attackers to perform LUA injection after using null bytes in the username parameter.”

“By utilizing nullbyte injection, the enemy confuses the expected input of the LUA file that stores these session characteristics.”

Evidence of aggressive exploitation was first observed on July 1, 2025 against a single customer. Upon gaining access, the threat actor ran enumeration and reconnaissance commands, created a new user as a form of persistence, dropped the LUA file and dropped the installer for ScreenConnect.

Cybersecurity

There is no evidence that the remote desktop software was actually installed, as the attack was detected and stopped before the attack progressed further. It is not clear who is behind the activity right now.

According to Censys data, there are 8,103 publicly accessible devices running a Wing FTP server, of which 5,004 expose the web interface. Most of the instances are in the US, China, Germany, the UK and India.

In light of active exploitation, it is essential that users apply the latest patches and move quickly to update Wing FTP server versions from 7.4.4 or later.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read exclusive content you post.

Source link

#BlockchainIdentity #Cybersecurity #DataProtection #DigitalEthics #DigitalIdentity #Privacy
Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleIran-backed Pay2key ransomware resurfaces
Next Article Protecting data in the AI ​​era
user
  • Website

Related Posts

Fortinet releases patches for important SQL injection defects in Fortiweb (CVE-2025-25257)

July 11, 2025

perfektblue bluetooth vulnerability exposes millions of vehicles to remote code execution

July 11, 2025

Protecting data in the AI ​​era

July 11, 2025
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Fortinet releases patches for important SQL injection defects in Fortiweb (CVE-2025-25257)

YC Back Apolink by 19-year-old Bag $4.3 million to build a 24/7 connection for Leo satellite

Helios wants to be an AI operating system for public policy experts

EV transitions face rocky paths to competitiveness

Trending Posts

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to Fyself News, your go-to platform for the latest in tech, startups, inventions, sustainability, and fintech! We are a passionate team of enthusiasts committed to bringing you timely, insightful, and accurate information on the most pressing developments across these industries. Whether you’re an entrepreneur, investor, or just someone curious about the future of technology and innovation, Fyself News has something for you.

ICEX Forum 2025 Opens: FySelf’s TwinH Showcases AI Innovation

The Future of Process Automation is Here: Meet TwinH

Robots Play Football in Beijing: A Glimpse into China’s Ambitious AI Future

TwinH: A New Frontier in the Pursuit of Immortality?

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
© 2025 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.