What is CVE-2025-47811?

CVE-2025-47811 is a medium-severity vulnerability in Wftpserver Wing Ftp Server, classified under Privilege Defined With Unsafe Actions. CVSS score: 4.1/10. Published 2025-07-10.

How severe is CVE-2025-47811?

Medium severity. CVSS v3 base score is 4.1 out of 10.

Is CVE-2025-47811 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Privilege escalation in Wftpserver Wing Ftp Server

CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands (i.e…

EPSS: 0.003 (54.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N.

Affected products

Wftpserver Wing Ftp Server — versions 0

Weakness classification (CWE)

CWE-267 — Privilege Defined With Unsafe Actions

Public proof-of-concept exploits

MrTuxracer/advisories

References

Frequently asked questions

What is CVE-2025-47811?: CVE-2025-47811 is a medium-severity vulnerability in Wftpserver Wing Ftp Server, classified under Privilege Defined With Unsafe Actions. CVSS score: 4.1/10. Published 2025-07-10.
How severe is CVE-2025-47811?: Medium severity. CVSS v3 base score is 4.1 out of 10.
Is CVE-2025-47811 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.