top of page
perceptive_background_267k.jpg

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system priā€¦

Published:

4 February 2026 at 23:00:00

Alert date:

5 February 2026 at 15:04:32

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Enterprise Applications

Wing FTP Server version 6.0.7 contains an unquoted service path vulnerability (CVE-2019-25267) that allows local attackers to execute arbitrary code with elevated system privileges. The vulnerability exists in the service configuration where the binary path is not properly quoted, enabling attackers to inject malicious executables. When exploited, these malicious executables are launched with LocalSystem permissions, providing attackers with the highest level of system access. This is a local privilege escalation vulnerability that requires the attacker to have initial access to the system. The vulnerability affects Wing FTP Server specifically at version 6.0.7.

Technical details

Mitigation steps:

Affected products:

Wing FTP Server

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2019-25267
https://www.exploit-db.com/exploits/47818
https://www.vulncheck.com/advisories/wing-ftp-server-unquoted-service-path
https://www.wftpserver.com/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page