What is the CVSS score of CVE-2025-47811?

CVE-2025-47811 has a CVSS 3.1 base score of 4.1 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Wing Ftp Server are affected by CVE-2025-47811?

Organizations using Wing FTP Server should be aware of moderate risk from CVE-2025-47811 rated CVSS 4.1. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2025-47811?

Yes, a public proof-of-concept exploit is available for CVE-2025-47811. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-47811?

Within 30 days: Identify affected systems running Wing FTP Server and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Wing Ftp Server CVE-2025-47811

EUVD-2025-21021 MEDIUM

Privilege Defined With Unsafe Actions (CWE-267)

2025-07-10 cve@mitre.org

Privilege Escalation Wing Ftp Server

4.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21021

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

PoC Detected

Jul 17, 2025 - 13:18 vuln.today

Public exploit code

CVE Published

Jul 10, 2025 - 17:15 nvd

MEDIUM 4.1

DescriptionNVD

In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands (i.e., through the web console or the task scheduler), and they are automatically executed in the highest possible privilege context. Because administrative users of the web interface are not necessarily also system administrators, one might argue that this is a privilege escalation. (If a privileged application role is not available to an attacker, CVE-2025-47812 can be leveraged.) NOTE: the vendor reportedly considers this behavior "fine to keep."

Analysis

Technical ContextAI

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized.

RemediationAI

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

CVE-2025-47811 vulnerability details – vuln.today

Back

Wing Ftp Server CVE-2025-47811

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code