CISA Flags CVE-2025-47813 Path Leak in Wing FTP Server
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a medium-severity vulnerability in Wing FTP Server to its Known Exploited Vulnerabilities catalog, saying there is evidence the flaw is being exploited in the wild. The issue is tracked as CVE-2025-47813 and has a CVSS score of 4.3, CISA said.
CISA warned that the vulnerability allows the application to disclose its installation path under certain conditions. “Wing FTP Server contains a generation of error messages containing sensitive information vulnerability when using a long value in the UID cookie,” CISA said.
The bug affects all releases up to and including version 7.4.3 and was fixed in version 7.4.4, which Wing FTP shipped in May after a responsible disclosure by RCE Security researcher Julien Ahrens. Ahrens published a proof-of-concept showing the problem at the application endpoint “/loginok.html”: the server does not properly validate the length of the “UID” session cookie and an oversized value can trigger an error that reveals the full local server path, the researcher found.
“Successful exploits can allow an authenticated attacker to get the local server path of the application, which can help in exploiting vulnerabilities like CVE-2025-47812,” Julien Ahrens wrote in his disclosure.
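The flaw class described above (CWE-209, an error message that carries sensitive detail, reached through an unchecked cookie length) is easy to see in a small model. The following is an added example, not Wing FTP Server's own code and not the researcher's proof of concept: the install directory, the session store layout, the 64-character UID limit and the log messages are all assumptions. The "vulnerable" handler returns the raw OS exception text to the client, which carries the full filesystem path; the hardened handler rejects a malformed or oversized cookie before touching the filesystem and never echoes exception text, logging the detail server-side instead.

```python
"""Added example (not Wing FTP Server's code): the CWE-209 pattern of an
error message leaking the installation path, next to a hardened handler.
Install path, session layout, UID length limit and log text are assumptions."""
import logging
import os
import re

INSTALL_DIR = "/opt/example-ftp"            # assumed install path, not Wing FTP's
SESSION_DIR = os.path.join(INSTALL_DIR, "session")
MAX_UID_LEN = 64                            # assumed limit for a hex session id
UID_RE = re.compile(rf"[0-9a-f]{{1,{MAX_UID_LEN}}}")
NAME_MAX = 255                              # typical filesystem file-name limit

log = logging.getLogger("loginok")


def lookup_session(uid: str) -> str:
    """Models a file-backed session store. Like the real OS calls it stands in
    for, every failure it raises puts the absolute path into the message."""
    path = os.path.join(SESSION_DIR, uid)
    if len(uid) > NAME_MAX:
        raise OSError(36, "File name too long", path)
    # No sessions exist in this model, so any other lookup fails too.
    raise FileNotFoundError(2, "No such file or directory", path)


def loginok_vulnerable(cookies: dict) -> tuple[int, str]:
    """'Before' pattern: the exception text, path included, is sent to the client."""
    uid = cookies.get("UID", "")
    try:
        lookup_session(uid)
    except OSError as exc:
        return 500, f"Internal error: {exc}"   # leaks SESSION_DIR to the client
    return 200, "ok"


def loginok_hardened(cookies: dict) -> tuple[int, str]:
    """'After' pattern: validate the cookie's length and alphabet first, and
    send the client only a generic message; details go to the server log."""
    uid = cookies.get("UID", "")
    if not UID_RE.fullmatch(uid):
        log.warning("rejected UID cookie (len=%d)", len(uid))
        return 400, "Invalid session"
    try:
        lookup_session(uid)
    except OSError:
        log.exception("session lookup failed")  # path stays in the server log
        return 500, "Internal error"
    return 200, "ok"


if __name__ == "__main__":
    oversized = {"UID": "a" * 5000}            # constructed oversized cookie
    print(loginok_vulnerable(oversized))       # body contains /opt/example-ftp/...
    print(loginok_hardened(oversized))         # (400, 'Invalid session')
```

The two handlers differ in exactly the two places the advisory points at: the input is bounded before it reaches any system call, and the client-facing message is fixed text rather than whatever the runtime produced.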
Version 7.4.4 also addresses CVE-2025-47812, a critical remote code execution flaw with a CVSS score of 10.0. Security firm Huntress reported that attackers exploiting the RCE have used it to download and execute malicious Lua files, perform reconnaissance, and install remote monitoring and management software.
CISA added CVE-2025-47813 to its KEV list because of active exploitation evidence, but noted there are no public details yet on how the path leak is being abused in the wild or whether it is being combined with the RCE bug. CISA recommended that Federal Civilian Executive Branch agencies apply the necessary fixes by March 30, 2026.
System owners should upgrade Wing FTP Server to version 7.4.4 as soon as possible, CISA said. Administrators should also limit public exposure of management interfaces, monitor logs for suspicious access patterns, and apply vendor updates promptly to reduce the risk of chained attacks.