HIGH🇵🇱 Wersja polska

CVE-2019-25267

CVSS 8.5v4.0pub. 2026-02-05upd. 2026-02-18

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Wftpserver Wing Ftp Server

    APP
    Wftpserver
    6.0.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-47812CRITICAL10.0⚠ KEVPL ✓ten sam produkt

RCE w Wing FTP Server — wstrzyknięcie kodu Lua przez bajt NULL

CVE-2026-44403HIGH8.6ten sam produkt

Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session seri...

CVE-2020-37032HIGH8.6ten sam produkt

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows ...

CVE-2025-5196HIGH7.5ten sam produkt

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vul...

CVE-2020-8634HIGH7.8ten sam produkt

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HT...