CVE-2025-47811
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-17
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wftpserver | wing_ftp_server | up to 7.4.4 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-267 | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Wing FTP Server through version 7.4.4, where the administrative web interface runs with root or SYSTEM privileges by default. The web application provides legitimate ways to execute arbitrary system commands, such as the web console or the task scheduler, and these commands run with the highest privilege level. This can lead to privilege escalation because administrative users of the web interface may not be system administrators, yet the commands they execute run with elevated privileges.
How can this vulnerability impact me?
The vulnerability can lead to privilege escalation, allowing an administrative user of the web interface to execute arbitrary system commands with root or SYSTEM privileges. This could allow unauthorized or unintended high-privilege actions on the system, increasing the risk of system compromise or misuse.