CVE-2025-27889
Published 2025-07-10
Priority P3 · 50 · high 8.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.41% (32.8th percentile)
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wftpserver | wing_ftp_server | < 7.4.4 | 7.4.4 |
No detection rules found.
No public exploits indexed.
## CISA flags Wing FTP Server flaw as actively exploited in attacks
Source: blogs_bleepingcomputer · 2026-03-16 · CVSS 3.4 · [LOW]
Author: Sergiu Gatlan
CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks.
Wing FTP Server is a cross-platform FTP server software that also provides secure file transfer via its built-in SFTP and web servers. The developers claim that their file transfer software is used by more than 10,000 customers worldwide, including the U.S. Air Force, Sony, Airbus, Reuters, and Sephora.
Tracked as CVE-2025-47813, the security flaw allows threat actors with low privileges to discover the full local installation path of the application on unpatched servers.
"Wing FTP Server contains a generation of error message
## Hackers are exploiting critical RCE flaw in Wing FTP Server
Source: blogs_bleepingcomputer · 2025-07-12 · CVSS 3.4 · CVE-2025-47812 [LOW]
Author: Bill Toulas
Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public.
The observed attack ran multiple enumeration and reconnaissance commands followed by establishing persistence by creating new users.
The exploited Wing FTP Server vulnerability is tracked as CVE-2025-47812 and received the highest severity score. It is a combination of a null byte and Lua code injection that allows a remote unauthenticated attacker to execute code with the highest privileges on the system (root/SYSTEM).
Wing FTP Server is a powerful solution for managing secure file transfers that can execute Lua scripts, which is widely used in ent