Wing FTP Server Remote Code Execution Vulnerability
Vulnerability Information
Vulnerability name: Wing FTP Server Remote Code Execution Vulnerability
Vulnerability ID:
- CVE: CVE-2025-47812
Vulnerability type: Command execution
Severity: Critical
Vulnerability description: Wing FTP Server is a widely used FTP server product that supports Windows, Linux and macOS and is commonly deployed for enterprise file sharing and data transfer. Because of its ease of use and rich feature set, it is deployed across many industries. The vulnerability discovered here, CVE-2025-47812, is a critical remote code execution (RCE) vulnerability affecting all versions prior to 7.4.4. Its root cause is a defect in how Wing FTP Server handles null bytes (\0) in the username parameter: an attacker can inject arbitrary Lua code through the username field. That code is then written into the session file and executed when the server processes that file, resulting in system-level command execution. Because the vulnerability can be exploited without authentication and yields SYSTEM (Windows) or root (Linux/macOS) privileges, its potential impact is extremely serious. An attacker can use it to take complete control of an affected server, run arbitrary commands, steal sensitive data, or pivot further into the internal network. Given reports of in-the-wild exploitation, every organization running Wing FTP Server should upgrade to 7.4.4 or later immediately and apply additional mitigations such as restricting public network access to /loginok.html and monitoring for abnormal login attempts.
Vendor: Wing FTP Server
Product: Wing FTP Server
Affected versions: version < 7.4.4
Source: https://github.com/B1ack4sh/Blackash-CVE-2025-47812
Type: CVE-2025:github search
Repository files
- README.md
Source overview
🛡️ CVE-2025-47812 – Critical RCE in Wing FTP Server 🛡️
🔎 Overview:
CVE-2025-47812 is a critical remote code execution (RCE) vulnerability affecting Wing FTP Server versions prior to 7.4.4. It was discovered by a security researcher and has been confirmed to be actively exploited in the wild.
🧱 Root Cause:
The vulnerability lies in the authentication logic of Wing FTP Server, specifically in how it handles null bytes (\0) in the username parameter.
Attackers can inject arbitrary Lua code through the username field, which the server will write into the session file. When this session file is processed later, the injected Lua code gets executed, allowing attackers to run system-level commands.
🚨 Impact:
- Severity: CVSS score of 10.0 (Critical)
- Access Required: Unauthenticated or anonymous access is sufficient
- Exploitation: Confirmed active exploitation
- Privileges Gained: Code runs as SYSTEM (Windows) or root (Linux/macOS)
- Affected Platforms: Windows, Linux, and macOS
🔧 Mitigation:
- Update immediately to Wing FTP Server version 7.4.4 or later.
- Ensure public-facing FTP servers are not exposing /loginok.html to untrusted networks.
- Monitor logs for unusual usernames or Lua code injections.
- Implement network segmentation to isolate FTP services from internal infrastructure.
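One way to implement the log-monitoring mitigation above, as an added example that is not part of this repository or of Wing FTP Server itself: a Python scanner that flags /loginok.html login requests whose username parameter carries a NUL byte and notes whether the bytes after it look like Lua. The "<client-ip> <method> <path> <form-body>" log layout and the sample lines are constructed for this example and are not the product's real log format.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample request log (assumed layout, not Wing FTP Server's own).
SAMPLE_LOG = """\
10.0.0.5 POST /loginok.html username=alice&password=secret
10.0.0.7 POST /loginok.html username=bob%00local%20x%3D1&password=x
10.0.0.9 GET /index.html -
10.0.0.11 POST /loginok.html username=carol%00&password=pw
"""

# Rough heuristic for Lua source after the NUL: keywords or os./io. library use.
LUA_HINTS = re.compile(rb"\b(local|function|end|require)\b|\b(os|io)\.\w+")


def analyze_line(line):
    """Return a finding dict for a login request whose username carries a NUL
    byte, or None when the line is not a /loginok.html request or is clean."""
    parts = line.split(" ", 3)
    if len(parts) < 4:
        return None
    client_ip, _method, path, body = parts
    if path != "/loginok.html":
        return None
    for field in body.split("&"):
        key, _, value = field.partition("=")
        if key != "username":
            continue
        # Decode to bytes so an encoded %00 becomes a real NUL, which is what
        # the vulnerable parser sees; str-level decoding could hide it.
        raw = unquote_to_bytes(value)
        if b"\x00" not in raw:
            return None
        visible, tail = raw.split(b"\x00", 1)
        return {
            "ip": client_ip,
            "username": visible.decode("latin-1"),
            "lua_like": bool(LUA_HINTS.search(tail)),
        }
    return None


def scan(log_text):
    """Run analyze_line over every line and collect the findings in order."""
    return [f for f in (analyze_line(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A real deployment would feed the web-server or FTP access log in whatever format it actually writes, but the NUL-byte check on the decoded username is the part that matters.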
⚠️ Urgency:
Due to confirmed exploitation, this vulnerability has been included in multiple threat advisories. If your organization uses Wing FTP Server, patching should be prioritized before August 4, 2025 as per official recommendations.