top of page
perceptive_background_267k.jpg

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system priā€¦

Published:

4 februari 2026 om 23:00:00

Alert date:

5 februari 2026 om 15:04:32

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Enterprise Applications

Wing FTP Server version 6.0.7 contains an unquoted service path vulnerability (CVE-2019-25267) that allows local attackers to execute arbitrary code with elevated system privileges. The vulnerability exists in the service configuration where the binary path is not properly quoted, enabling attackers to inject malicious executables. When exploited, these malicious executables are launched with LocalSystem permissions, providing attackers with the highest level of system access. This is a local privilege escalation vulnerability that requires the attacker to have initial access to the system. The vulnerability affects Wing FTP Server specifically at version 6.0.7.

Technical details

Mitigation steps:

Affected products:

Wing FTP Server

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2019-25267
https://www.exploit-db.com/exploits/47818
https://www.vulncheck.com/advisories/wing-ftp-server-unquoted-service-path
https://www.wftpserver.com/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page