CVE-2025-5196

MEDIUM

Wing FTP Server <7.4.3 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-5196. PoCs published by Nouvexr.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2025-5196, demonstrating an authenticated RCE vulnerability in Wing FTP Server 7.4.4 via Lua script execution. The exploit uses `os.execute` to download and execute a reverse shell payload.

Description

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 7.4.4 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: "[W]e do not consider it as a security vulnerability, because the system admin in WingFTP has full permissions [...], but you can suggest the user run WingFTP service as Normal User rather than SYSTEM/Root, it will be safer."

Exploits (1)

nomisec WORKING POC 1 stars

by Nouvexr · poc

https://github.com/Nouvexr/Wing-FTP-Server-7.4.4-RCE-Authenticated

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2025-5196, demonstrating an authenticated RCE vulnerability in Wing FTP Server 7.4.4 via Lua script execution. The exploit uses `os.execute` to download and execute a reverse shell payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Wing FTP Server 7.4.4

Auth required

Prerequisites: Authenticated access to the Wing FTP Server web interface · Lua scripting console access

MITRE ATT&CK

T1059.006 - Python T1106 - Native API T1059.001 - PowerShell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry

https://vuldb.com/?id.310279

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.310279

Exploit, VDB Entry third-party-advisory

https://vuldb.com/?submit.584253

Exploit exploit

https://github.com/Nouvexr/Wing-FTP-Server-7.4.4-RCE-Authenticated/blob/main/poc.txt

View Exploit ZIP pw:eip

Broken Link patch

https://www.wftpserver.com/serverhistory.htm

Scores

CVSS v3 6.6

EPSS 0.0085

EPSS Percentile 53.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-250

Status published

Products (1)

wftpserver/wing_ftp_server < 7.4.4

Published May 26, 2025

Tracked Since Feb 18, 2026