CVE-2025-5196 in Wing FTP Server

Summary

by MITRE • 05/26/2025

A vulnerability has been found in Wing FTP Server up to and including version 7.4.3 and classified as critical. Affected is an unspecified function of the Lua Admin Console component. Manipulation leads to execution with unnecessary privileges. The attack can be launched remotely, but its complexity is rated high and exploitation appears to be difficult. Upgrading to version 7.4.4 addresses the issue, and upgrading the affected component is recommended. The vendor explains: "[W]e do not consider it as a security vulnerability, because the system admin in WingFTP has full permissions [...], but you can suggest the user run WingFTP service as Normal User rather than SYSTEM/Root, it will be safer."


Analysis

by VulDB Data Team • 07/02/2025

CVE-2025-5196 is a privilege weakness in Wing FTP Server 7.4.3 and earlier, located in the Lua Admin Console component and rated critical by VulDB. The advisory gives no technical detail beyond the component name and the phrase "execution with unnecessary privileges", but that phrase together with the vendor's statement describes the problem well enough: the console is an administrator feature that, as its name indicates, executes Lua; that code runs inside the server process; and when the service runs as SYSTEM on Windows or root on Unix (the configuration the vendor's own advice implies is the usual one), everything run from the console inherits full host privileges instead of being confined to what an FTP service needs. This is not an authorization bypass, and the vendor is right that the console is reserved for administrators. The exposure is that a Wing FTP administrator account, which should only control the FTP application, is in practice a SYSTEM or root account on the host. The attack vector is remote, so no physical access is needed, but the attack complexity is rated high, which fits: an attacker must first hold, steal or guess administrator credentials for the console.

The classification needs care. CWE-276 is Incorrect Default Permissions and CWE-732 is Incorrect Permission Assignment for Critical Resource; both are related, but the summary's own wording, "execution with unnecessary privileges", is the title of CWE-250, the closest match for a service that holds more privilege than its function requires. The operational impact follows from that: whoever can use the console can perform any administrative action on Wing FTP itself (user management, configuration changes) and, because the process runs as SYSTEM or root, can also read, modify or execute anything on the host. That means complete system compromise, exfiltration of every file the server stores, and persistent access to the surrounding infrastructure. The remote attack vector makes this especially dangerous for internet-facing deployments, where the administrative interface may be reachable from outside and a phished or reused administrator password is all that stands between an attacker and the host.

For ATT&CK, this maps to T1068, Exploitation for Privilege Escalation. T1566 is Phishing ('Phishing for Information' is a separate technique, T1598) and is relevant only as one way an attacker obtains the administrator credentials the console requires. The vendor's position, that this is not a vulnerability because the Wing FTP administrator already has full permissions, assumes that application-level and host-level administration are the same thing; they should not be, and the principle of least privilege exists precisely so that a compromised application account does not become a compromised host. Upgrading to version 7.4.4 is the primary fix and should be applied immediately. The vendor's second suggestion, running the WingFTP service as a normal user rather than SYSTEM/root, is sound defence in depth and worth doing regardless of version: it does not remove an administrator's ability to run code from the console, but it bounds that code to the service account's permissions. Beyond that, organizations should restrict which networks can reach the administrative interface (segmentation and firewall rules), review who holds Wing FTP administrator credentials, and monitor for suspicious administrative activity, in particular shells or other unexpected child processes spawned by the Wing FTP server process and administrator logons from unexpected sources.
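The monitoring and hardening advice above is easier to act on with a concrete check. The following Python script is an added example, not code from VulDB or from the Wing FTP project. It flags installed versions in the affected range (7.4.3 and earlier, fixed in 7.4.4) and scans process-creation events, using Sysmon Event ID 1 field names (Image, ParentImage, CommandLine, User), for OS shells spawned by the Wing FTP service process, rating a hit higher when the service runs as SYSTEM or root. The service binary names (wftpserver.exe, wftpserver), the install paths, and the premise that abuse of the Lua console which reaches the operating system appears as a child process of the service are assumptions, not facts stated on the page; the sample events are constructed.

```python
"""Triage helpers for CVE-2025-5196 (Wing FTP Server, Lua Admin Console).

Added example, not code from VulDB or from the Wing FTP project.

ASSUMPTIONS (not stated on the advisory page):
  * the Wing FTP service binary is named wftpserver.exe (Windows) or
    wftpserver (Linux);
  * abuse of the Lua console that reaches the operating system shows up
    as a shell or interpreter spawned as a child of that service process.
"""
import re
from typing import Iterable

# The advisory: 7.4.3 and earlier are affected, 7.4.4 fixes the issue.
FIXED_VERSION = (7, 4, 4)

# Assumed service binary names (see module docstring).
WINGFTP_IMAGES = {"wftpserver.exe", "wftpserver"}

# What Lua's os.execute()/io.popen() would typically launch.
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe", "sh", "bash", "dash"}

# Accounts that give the service full host privileges (the vendor's
# "SYSTEM/Root" case); compared case-insensitively.
PRIVILEGED_ACCOUNTS = {"NT AUTHORITY\\SYSTEM", "SYSTEM", "ROOT"}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '7.4.3' (or '7.4.3.1') into a comparable tuple of integers."""
    m = re.fullmatch(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def is_affected_version(text: str) -> bool:
    """True for every release below the fix, i.e. 7.4.3 and earlier."""
    return parse_version(text) < FIXED_VERSION


def is_privileged(user: str) -> bool:
    """True when the account means SYSTEM (Windows) or root (Unix)."""
    return user.strip().upper() in PRIVILEGED_ACCOUNTS


def _basename(path: str) -> str:
    """Last path component for either Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()


def find_suspicious_spawns(events: Iterable[dict]) -> list[dict]:
    """Return shells spawned by the Wing FTP service process.

    Events carry Sysmon Event ID 1 field names: Image, ParentImage,
    CommandLine, User. A hit is 'high' when the service runs as
    SYSTEM/root (code from the console then has full host privileges)
    and 'medium' when it runs as an ordinary service account.
    """
    hits = []
    for ev in events:
        parent = _basename(ev.get("ParentImage", ""))
        child = _basename(ev.get("Image", ""))
        if parent in WINGFTP_IMAGES and child in SHELL_IMAGES:
            user = ev.get("User", "")
            hits.append({
                "severity": "high" if is_privileged(user) else "medium",
                "user": user,
                "command": ev.get("CommandLine", ""),
            })
    return hits


def triage(version: str, events: Iterable[dict]) -> dict:
    """Combine the version check with the process-spawn scan."""
    hits = find_suspicious_spawns(events)
    return {
        "affected_version": is_affected_version(version),
        "suspicious_spawns": len(hits),
        "privileged_spawns": sum(1 for h in hits if h["severity"] == "high"),
    }


# Constructed sample events (not real telemetry); paths are assumed.
SAMPLE_EVENTS = [
    # The service starting normally under the service control manager.
    {"Image": r"C:\Program Files\Wing FTP Server\wftpserver.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": "wftpserver.exe", "User": r"NT AUTHORITY\SYSTEM"},
    # A shell spawned by the service while it runs as SYSTEM.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Wing FTP Server\wftpserver.exe",
     "CommandLine": "cmd.exe /c whoami", "User": r"NT AUTHORITY\SYSTEM"},
    # Same pattern after following the vendor's advice (normal user).
    {"Image": "/bin/sh", "ParentImage": "/opt/wftpserver/wftpserver",
     "CommandLine": "sh -c id", "User": "wftpsvc"},
    # Unrelated interactive shell; must not match.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "cmd.exe", "User": r"CORP\alice"},
]


if __name__ == "__main__":
    print(triage("7.4.3", SAMPLE_EVENTS))
    for hit in find_suspicious_spawns(SAMPLE_EVENTS):
        print(hit)
```

Run as-is, the script triages the constructed events; in practice, feed find_suspicious_spawns() the parsed Sysmon (or auditd execve) events from your SIEM and keep the version check separate, since the version tells you whether you are exposed while the process scan tells you whether the console has already been used to reach the host.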

Responsible: VulDB
Disclosure: 05/26/2025
Moderation: accepted
CPE: ready
EPSS: 0.00846 (an estimated 0.85% probability of exploitation activity within the next 30 days)
KEV: no (not listed in the CISA Known Exploited Vulnerabilities catalog)
Activities: very low
