CVE-2025-27889 | wftpserver Wing FTP Server up to 7.4.3 Parameter downloadpass.html url external control of system or configuration setting

Inserito da Angelo Barbosa | Lug 10, 2025 | CVE

A vulnerability classified as problematic was found in wftpserver Wing FTP Server up to 7.4.3. This vulnerability affects unknown code of the file downloadpass.html of the component Parameter Handler. The manipulation of the argument url leads to external control of system or configuration setting.

This vulnerability was named CVE-2025-27889. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-27889 | wftpserver Wing FTP Server up to 7.4.3 Parameter downloadpass.html url external control of system or configuration setting

Post correlati

CVE-2023-31356 | AMD EPYC 7003 Processors/EPYC 9004 Processors SEV Firmware memory corruption

CVE-2024-56277 | Poll Maker Plugin up to 5.5.4 on WordPress escape output

CVE-2025-5033 | XiaoBingby TeaCMS 2.0.2 addUser cross-site request forgery (IBYRPK)

CVE-2023-41817 | Motorola Phone Calls App prior 2023-12-01 implicit intent