CyberSec.Space Logo
Back to CVE Browser

CVE-2019-25267

HIGH
7.8
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile27.63th
PublishedFeb 5, 2026
Last ModifiedFeb 18, 2026

Vulnerability Description

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.

Affected Platforms (CPE)

๐Ÿ“ฆ
Wftpserver

Wing Ftp Server

= 6.0.7

References & Advisories

๐Ÿ”— https://www.exploit-db.com/exploits/47818
๐Ÿ”— https://www.vulncheck.com/advisories/wing-ftp-server-unquoted-service-path
๐Ÿ”— https://www.wftpserver.com/

Related Vulnerabilities

CVE-2020-370328.8

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users ...

CVE-2020-86347.8

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management i...

CVE-2020-86357.8

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files...

CVE-2020-94707.8

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, ...