CVE-2025-47811

MEDIUM EPSS 87.7%

Published Jul 10, 202511mo ago · Modified Jun 17, 20261w ago

6.6 CVSS 3.1

Medium

Published Jul 10, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands (i.e., through the web console or the task scheduler), and they are automatically executed in the highest possible privilege context. Because administrative users of the web interface are not necessarily also system administrators, one might argue that this is a privilege escalation. (If a privileged application role is not available to an attacker, CVE-2025-47812 can be leveraged.) NOTE: the vendor reportedly considers this behavior "fine to keep."

CVSS Details

Base Score

6.6

Exploitability

2.3

Impact

3.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Changed

Confidentiality Low

Integrity Low

Availability Low

Threat Intelligence

EPSS Exploit Probability

87.7% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-267

Affected Products 1

Vendor	Product	Version	Range
wftpserver	wing_ftp_server	*	<7.4.4

References 2

rcesecurity.com https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/

ExploitThird Party Advisory
wftpserver.com https://www.wftpserver.com

Broken Link

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.