Serial number: AV25-391
Date: July 3, 2025
Updated: March 16, 2026
On May 14, 2025, Wing FTP a published an update to address a critical vulnerability in the following product:
- Wing FTP Server – version v7.4.3 and prior
Open-source reporting has indicated that proof-of-concept exploit code is available for CVE-2025-47812.
Update 1
On July 10, 2025, open-source reporting indicated that the Wing FTP Remote Code Execution vulnerability CVE-2025-47812 has been actively exploited in the wild. The vulnerability is rated a CVSS 10.0.
Update 2
On March 16, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-47813 to their Known Exploited Vulnerabilities (KEV) Database.
The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.