Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-47812 | Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation |
Comments
An attacker can craft a message in Lua that injects a null byte, allowing admin access to Wing FTP sessions.
References
|
| CVE-2025-47812 | Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
An attacker can craft a message in Lua that injects a null byte, allowing admin access to Wing FTP sessions.
References
|