A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress.
The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null (‘�’) bytes in the server’s web interface, which allows for remote code execution. It has been addressed in version 7.4.4.
“The user and
