Share
## https://sploitus.com/exploit?id=0E5A05D6-3602-5E6E-BD25-17A11650D645
# CVE-2025-47812-poC
Simple exploit for Wing FTP Server RCE (CVE-2025-47812) to run commands and get a reverse shell. For educational use only.

# Vulnerability Details
This security vulnerability was publicly disclosed and detailed by RCESecurity (https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/). 

The exploit was developed by me for educational and testing purposes. I am not the original discoverer of the vulnerability.

# Wing FTP Server RCE (CVE-2025-47812)
The vulnerability exists due to improper handling of NULL bytes in the username parameter during login in Wing FTP Server versions 7.4.3 and earlier. This allows unauthenticated attackers to inject Lua code into session files, leading to remote code execution with elevated privileges.

This PoC exploit allows:

Arbitrary command execution on the vulnerable server.
Opening a reverse shell connection for interactive access.

Usage and poC video:

<pre markdown="1">python CVE-2025-47812-poC.py</pre>

![Demo](wftp-rce.gif)

1) Run command: It allows you to run commands directly on the target server. Enter the target URL and username, then provide the command to execute and receive its output.
2) Get Reverse Shell: It allows you obtain a reverse shell on the server. Specify your LHOST and LPORT values to establish the reverse shell connection.

# Affected Versions
Wing FTP Server versions 7.4.3 and earlier are vulnerable.

Versions from 7.4.4 onwards have patched this issue.

## Disclaimer
This exploit is provided for **educational purposes only**.  
Use it responsibly and only on systems you have explicit permission to test.  
The author is not responsible for any misuse or damage caused by this tool.