CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2025-47813(4)	High	20.4%	Wing FTP ServerWing FTP Server	Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.	Mar 16, 2026	KEV
CVE-2025-47812(3)	High	92.5%	Wing FTP ServerWing FTP Server	Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).	Jul 14, 2025	KEV

CVE-2025-47813KEV

High

Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.

Wing FTP ServerEPSS 20.4%

CVE-2025-47812KEV

High

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).

Wing FTP ServerEPSS 92.5%