CVE-2025-47812CISA KEV: Actively Exploited

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Published Jul 14, 2025·Updated Jul 14, 2025

Description

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Public Exploits & PoCs14 found

PoC: CVE-2025-47812

CVE-2025-47812 POC

1

PoC: CVE-2025-47812-poc

Wing FTP Server Remote Code Execution (RCE) Exploit (CVE-2025-47812)

1

PoC: CVE-2025-47812

CVE-2025-47812 Poc for wingdata HTB

PoC: Exploit_CVE-2025-47812

Unauthenticated_RCE.CVE-2025-47812

PoC: CVE-2025-47812

RCE for WingFTP v4.7.3

PoC: CVE-2025-47812-Wing-FTP-Server-7.4.3-Unauthenticated-RCE-PoC

Unauthenticated remote code execution vulnerability in Wing FTP Server <= 7.4.3.

PoC: CVE-2025-47812

CVE-2025-47812: Wing FTP Server 7.4.3 UnauthN RCE in sh

PoC: Blackash-CVE-2025-47812

CVE-2025-47812

PoC: Blackash-CVE-2025-47812

CVE-2025-47812

PoC: CVE-2025-47812

Improper Neutralization of Null Byte or NUL Character in WingFTP Servers - Detection Script

PoC: CVE-2025-47812

Exploit for CVE-2025-47812 with custom psudo shell and robust error handling.

PoC: WingFTP-CVE-2025-47812-illdeed

Remote Command Execution exploit for Wing FTP Server (CVE-2025-47812)

PoC: CVE-2025-47812

Wing FTP Server RCE via Lua Injection

PoC: CVE-2025-47812-poC

Simple exploit for Wing FTP Server RCE (CVE-2025-47812) to run commands and get a reverse shell. For educational use only.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free