CVE-2019-25267
low-risk
Published 2026-02-05
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
Do I need to act?
-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (1)
Affected Vendors
References (3)
Third Party Advisory
https://www.vulncheck.com/advisories/wing-ftp-server-unquoted-service-path
Product
https://www.wftpserver.com/
29
/ 100
low-risk
Severity
24/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal