CVE-2025-27889 – Wing FTP Server URL Parameter Injection

July 10, 2025

CVE ID : CVE-2025-27889

Published : July 10, 2025, 5:15 p.m. | 2 hours, 3 minutes ago

Description : Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker.

Severity: 3.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47811 – Wing FTP Server Privilege Escalation Vulnerability

Next Article CVE-2024-43394 – Apache HTTP Server Windows SSRF NTLM Hash Leak

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

JFrog finds MCP-related vulnerability, highlighting need for stronger focus on security in MCP ecosystem

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

This RDR2 deal feels like highway robbery — grab the “Wild West masterpiece” today before it rides off into the sunset

Grab these 7 Xbox games all under $40 — you don’t have long before Amazon Prime Day ends, so act fast

After 24 hours with Samsung’s Galaxy Z Flip 7, one big thing stands out

The details of TC39’s last meeting

The details of TC39’s last meeting

Francisco Bergeret Paves the Way Through Strong Leadership at Perficient

Intelligent Automation in the Healthcare Sector with n8n, OpenAI, and Pinecone

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

This RDR2 deal feels like highway robbery — grab the “Wild West masterpiece” today before it rides off into the sunset

Grab these 7 Xbox games all under $40 — you don’t have long before Amazon Prime Day ends, so act fast

CVE-2025-27889 – Wing FTP Server URL Parameter Injection

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

CVE-2025-2821 – WordPress Search Exclude Plugin Unauthenticated Data Modification

sic offers image processing and conversion

CVE-2025-6154 – PHPGurukul Hostel Management System SQL Injection

U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues

Training LLM Agents Just Got More Stable: Researchers Introduce StarPO-S and RAGEN to Tackle Multi-Turn Reasoning and Collapse in Reinforcement Learning

CVE-2023-53135 – Riscv Linux Kernel Stack Out-of-Bounds Vulnerability

Fast-track SOP processing using Amazon Bedrock

As Windows 10 end of support looms, Microsoft says Windows 11 AI is all you need

CVE-2025-27889 – Wing FTP Server URL Parameter Injection

Related Posts