Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Netwin SurgeFTP Remote Command Execution Vulnerability

Vulnerability

A remote command execution vulnerability has been identified in Netwin SurgeFTP versions through 23c8. This issue resides in the web-based administrative console, where authenticated users can execute arbitrary system commands by sending crafted POST requests to 'surgeftpmgr.cgi'. The exploitation of this vulnerability could lead to full remote code execution on the underlying system.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary commands on the server, potentially leading to full system compromise.

Reproduction

To reproduce this vulnerability, an authenticated user must send a POST request to '/cgi/surgeftpmgr.cgi' with the 'authent_process' parameter containing the command to be executed. This can be done using a tool like Metasploit, which has a module available for this vulnerability.
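The request shape described above gives defenders something concrete to look for in logs. The following Python triage check is an added example, not part of the original advisory or of any vendor or Metasploit code; the JSON-lines proxy log format, its field names, the shell-metacharacter heuristic and the admin source allow-list are all assumptions.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the advisory.
CGI_NAME = "surgeftpmgr.cgi"
PARAM = "authent_process"
# Assumption: these characters have no place in a routine value of this field.
SHELL_META = set(";|&`$<>(){}\\\n\r")

# Constructed sample: JSON lines from a hypothetical reverse proxy that logs form bodies.
SAMPLE_LOG = """\
{"src": "10.0.5.20", "method": "GET", "path": "/cgi/surgeftpmgr.cgi?page=status", "body": ""}
{"src": "10.0.5.20", "method": "POST", "path": "/cgi/surgeftpmgr.cgi", "body": "page=log&lines=50"}
{"src": "198.51.100.7", "method": "POST", "path": "/cgi/surgeftpmgr.cgi", "body": "authent_process=sample-value"}
{"src": "10.0.5.20", "method": "POST", "path": "/CGI/SurgeFTPMgr.cgi", "body": "x=1&authent%5Fprocess=echo+constructed%3B+echo+sample"}
not-json garbage line
"""

def triage(log_text, admin_sources):
    """Return one finding per authent_process value POSTed to the admin CGI."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a proxy record
        if not isinstance(ev, dict) or str(ev.get("method", "")).upper() != "POST":
            continue
        # Compare the path case-insensitively and ignore any query string.
        if not urlsplit(str(ev.get("path") or "")).path.lower().endswith("/" + CGI_NAME):
            continue
        # parse_qs percent-decodes keys too, so an encoded parameter name still matches.
        form = parse_qs(str(ev.get("body") or ""), keep_blank_values=True)
        for value in form.get(PARAM, []):
            reasons = []
            if SHELL_META & set(value):
                reasons.append("shell-metacharacter")
            if ev.get("src") not in admin_sources:
                reasons.append("unexpected-source")
            findings.append({"line": lineno, "src": ev.get("src"),
                             "severity": "high" if reasons else "review",
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, admin_sources={"10.0.5.20"}):
        print(finding)
```

Most web servers do not log POST bodies by default, so this check depends on a proxy, WAF or packet capture that records them.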

Added: Aug 5, 2025, 9:21 PM
Updated: Aug 5, 2025, 9:21 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 10.0
exploitability: 6.5
remediation: 0.0
relevance: 0.3
threat: 9.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.