Wing FTP Server RCE (CVE-2025-47812)
Description
Wing FTP Server is vulnerable to an unauthenticated remote code execution (RCE) due to improper handling of NULL bytes in the 'username' parameter during the login process. An attacker can inject Lua code into session files and execute it on the server.
Remediation
Upgrade to the latest version of Wing FTP