CNNVD-202507-1509 Information

CNNVD ID

CNNVD-202507-1509

Related CVE

CVE-2025-27889

• CNNVD Published: 2025-07-10

Description (Chinese)

Wing FTP Server是Wing FTP Server开源的一套跨平台的FTP服务器软件。 Wing FTP Server 7.4.4之前版本存在安全漏洞，该漏洞源于未正确验证和清理downloadpass.html端点的url参数，可能导致明文密码泄露。

Description (English)

Wing FTP Server is a cross-platform FTP server software from Wing FTP Server Open Source. Wing FTP Server 7.4.4 contains a security loophole, which originates from an incorrect validation and clean-up of the url parameters of the downloadpass.html endpoint, which may lead to the disclosure of an explicit password.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Wing FTP Server

Published

2025-07-10

Last Modified

2026-02-24

References

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-27889.txt https://www.wftpserver.com/wftpserver.htm https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ https://nvd.nist.gov/vuln/detail/CVE-2025-27889

Patch

https://www.wftpserver.com/download.htm