CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands (i.e., through the web console or the task scheduler), and they are automatically executed in the highest possible privilege context. Because administrative users of the web interface are not necessarily also system administrators, one might argue that this is a privilege escalation. (If a privileged application role is not available to an attacker, CVE-2025-47812 can be leveraged.) NOTE: the vendor reportedly considers this behavior "fine to keep."

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/	Exploit Third Party Advisory
https://www.wftpserver.com	Broken Link
https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:*

History

17 Jul 2025, 13:18

Type	Values Removed	Values Added
CPE		cpe:2.3:a:wftpserver:wing_ftp_server::::::::
First Time		Wftpserver Wftpserver wing Ftp Server
References	~~() https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ -~~	() https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ - Exploit, Third Party Advisory
References	~~() https://www.wftpserver.com -~~	() https://www.wftpserver.com - Broken Link

15 Jul 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 17:15

Updated : 2025-07-17 13:18

NVD link : CVE-2025-47811

Mitre link : CVE-2025-47811

CVE.ORG link : CVE-2025-47811

JSON object : View

Products Affected

wftpserver

wing_ftp_server

CWE

CWE-267

Privilege Defined With Unsafe Actions

{"id": "CVE-2025-47811", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.3}]}, "published": "2025-07-10T17:15:46.933", "references": [{"url": "https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.wftpserver.com", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-267"}]}], "descriptions": [{"lang": "en", "value": "In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands (i.e., through the web console or the task scheduler), and they are automatically executed in the highest possible privilege context. Because administrative users of the web interface are not necessarily also system administrators, one might argue that this is a privilege escalation. (If a privileged application role is not available to an attacker, CVE-2025-47812 can be leveraged.) NOTE: the vendor reportedly considers this behavior \"fine to keep.\""}, {"lang": "es", "value": "En Wing FTP Server hasta la versi\u00f3n 7.4.4, la interfaz web administrativa (que escucha por defecto en el puerto 5466) se ejecuta como root o SYSTEM por defecto. La propia aplicaci\u00f3n web ofrece varias formas leg\u00edtimas de ejecutar comandos arbitrarios del sistema (por ejemplo, a trav\u00e9s de la consola web o el programador de tareas), y estos se ejecutan autom\u00e1ticamente con el m\u00e1ximo privilegio posible. Dado que los usuarios administrativos de la interfaz web no son necesariamente administradores del sistema, se podr\u00eda argumentar que se trata de una escalada de privilegios. (Si un atacante no tiene acceso a un rol de aplicaci\u00f3n privilegiado, se puede aprovechar la vulnerabilidad CVE-2025-47812). NOTA: Seg\u00fan se informa, el proveedor considera que este comportamiento es aceptable."}], "lastModified": "2025-07-17T13:18:45.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34AF9E83-291C-40B0-AE69-34C9B59A5D03", "versionEndExcluding": "7.4.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}