A maximum-severity security vulnerability in the Wing FTP Server has been actively exploited in the wild. The vulnerability, identified as CVE-2025-47812 (CVSS score:

10.0), involves incorrect handling of null ('\0') bytes in the web interface of the server.

Anonymous FTP accounts can be used to exploit the vulnerability. 5,004 of the 8,103 publicly accessible devices running the Wing FTP server have an open web interface. The United States, China, Germany, the United Kingdom, and India account for the majority of the cases.

Users must act fast to update their Wing FTPserver versions to

7.4.4 or later and apply the most recent patches.

The United Nations. The flaw has been added to the Known Exploited Vulnerabilities (KEV) Catalog by the Cybersecurity and Infrastructure Security Agency. Federal Civilian Executive Branch (FCEB) agencies must apply the fixes by August 4,

2025.

Call the National Suicide Prevention Lifeline at 1-800-273-8255 or visit http://www.suicidepreventionlifeline.org/ for private assistance. Call the Samaritans at 08457 90 90 90, visit a local Samaritans branch, or visit www.samaritans.org for assistance with suicide-related issues. For assistance in the United States, visit the National Institute of Health and Human Services (NICE) at http://www.nih.gov/ or call the National Institutes of Health at 1-888-457-9090.