Vulnerabilities · MEDIUM

Vulnerabilities - CISA Adds Wing FTP Server Flaw Alert


In short: a flaw in Wing FTP Server can leak sensitive information to attackers.

Quick Summary

CISA has flagged a vulnerability in Wing FTP Server that could expose sensitive information. Organizations using older versions need to act quickly to protect their systems. This flaw could lead to further attacks if not addressed promptly.

The Flaw

CISA has recently added a significant vulnerability to its Known Exploited Vulnerabilities catalog. This flaw, tracked as CVE-2025-47813, affects Wing FTP Server versions prior to 7.4.4. The vulnerability is categorized as an information disclosure issue, meaning it leaks sensitive information rather than giving an attacker direct control of the server.

The flaw occurs in the loginok.html page during the web authentication process. An excessively long UID cookie sent by an attacker is not handled properly, and the server responds by revealing the full local installation path of the application, which could be used in further attacks.

What's at Risk

While this vulnerability does not allow for remote code execution, it poses a risk by leaking filesystem details. Such information can be invaluable for attackers, enabling them to conduct reconnaissance. They could potentially exploit this information for path-based attacks or file inclusion attempts, which could compromise the server further.

The CVSS score of 4.3 indicates a medium severity level, highlighting the importance of addressing this flaw promptly. Organizations using affected versions of Wing FTP Server should take immediate action to mitigate risks associated with this vulnerability.

Patch Status

CISA has mandated that federal agencies must address this vulnerability by March 30, 2026. This directive is part of the Binding Operational Directive (BOD) 22-01, which aims to reduce the risk of known exploited vulnerabilities. Private organizations are also encouraged to review the catalog and take necessary actions to secure their infrastructures.

The latest version of Wing FTP Server, 7.4.4, includes a fix for this vulnerability. It is crucial for organizations to update their systems to this version to prevent potential exploitation.

Immediate Actions

Organizations should prioritize the following actions:

  • Update Wing FTP Server to version 7.4.4 or later.
  • Review security practices to ensure that sensitive information is not exposed through improper input handling.
  • Monitor systems for any signs of exploitation attempts related to this vulnerability.
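As an added example (not from the article, nor from Wing FTP Server's own tooling), the following Python script covers two of the actions above: a version check against the fixed release, and a scan of web-proxy log lines for requests to loginok.html that carry an oversized UID cookie. The log format (a reverse proxy configured to append the request's Cookie header), the UID length ceiling of 64 and the sample log lines are assumptions made for this example; Wing FTP Server's own log layout may differ and should be mapped into the regex before use.

```python
import re
from dataclasses import dataclass

# Release that contains the fix, per the advisory: versions prior to 7.4.4 are affected.
FIXED_VERSION = (7, 4, 4)

# Ceiling above which a UID cookie is treated as anomalous. Session ids are short
# tokens; the exact value is an assumption for this example, not from the advisory.
MAX_UID_LEN = 64

# Assumed log layout: a combined-style access log from a reverse proxy in front of
# Wing FTP Server, with the request's Cookie header appended as a final quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<cookie>[^"]*)"$'
)


def is_affected(version: str) -> bool:
    """True if a dotted version string (e.g. '7.4.3') is older than the fixed release."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts < FIXED_VERSION


@dataclass
class Finding:
    ip: str
    ts: str
    path: str
    uid_len: int
    status: int


def uid_cookie_len(cookie_header: str) -> int:
    """Length of the UID cookie value in a Cookie header, or 0 if there is none."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "UID":
            return len(value)
    return 0


def scan(lines, max_len=MAX_UID_LEN):
    """Flag requests to loginok.html whose UID cookie exceeds max_len characters."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        if not m["path"].split("?")[0].endswith("/loginok.html"):
            continue
        n = uid_cookie_len(m["cookie"])
        if n > max_len:
            findings.append(Finding(m["ip"], m["ts"], m["path"], n, int(m["status"])))
    return findings


# Constructed sample lines: a normal login, one with a 300-character UID cookie, and junk.
SAMPLE_LOGS = [
    '203.0.113.5 - - [10/Mar/2026:10:01:02 +0000] "GET /login.html HTTP/1.1" 200 1532 "-"',
    '203.0.113.5 - - [10/Mar/2026:10:01:05 +0000] "POST /loginok.html HTTP/1.1" 200 410 "UID=a1b2c3d4e5f6; lang=en"',
    '198.51.100.7 - - [10/Mar/2026:10:02:11 +0000] "POST /loginok.html HTTP/1.1" 500 2210 "UID=' + "A" * 300 + '"',
    "not a log line",
]


def main():
    for v in ("7.4.3", "7.4.4"):
        print(f"Wing FTP Server {v}: {'AFFECTED, update' if is_affected(v) else 'fixed'}")
    for f in scan(SAMPLE_LOGS):
        print(f"suspicious: {f.ip} at {f.ts} -> {f.path} UID cookie length {f.uid_len} (HTTP {f.status})")


if __name__ == "__main__":
    main()
```

The length check is deliberately generous: legitimate session cookies are well below the ceiling, so a hit is worth a look, while the status code in each finding tells you whether the server actually errored on the request.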

By taking these steps, organizations can significantly reduce their risk of falling victim to further attacks that leverage this information disclosure flaw.

🔒 Pro insight: Organizations must prioritize patching CVE-2025-47813 to prevent potential reconnaissance and exploitation by threat actors.

Original article from Security Affairs · Pierluigi Paganini

Related Pings

HIGH · Vulnerabilities

HPE Vulnerability - Critical Update for Telco Service Orchestrator

HPE has issued a security advisory regarding a vulnerability in the Telco Service Orchestrator. Users of versions before v4.2.12 are at risk. Immediate updates are necessary to protect against potential exploits.

Source: Canadian Cyber Centre Alerts

CRITICAL · Vulnerabilities

CVE-2025-47812 - Critical Wing FTP Server Vulnerability Alert

A critical vulnerability in Wing FTP Server has been discovered and actively exploited. Users of versions v7.4.3 and prior are at risk. Immediate updates to v7.4.4 are essential for protection.

Source: Canadian Cyber Centre Alerts

HIGH · Vulnerabilities

Vulnerabilities - CISA Flags Wing FTP Server Flaw Exploited

CISA has issued a warning about a critical vulnerability in Wing FTP Server. This flaw affects numerous organizations, including federal agencies. Immediate patching is essential to prevent potential remote code execution attacks.

Source: BleepingComputer

HIGH · Vulnerabilities

UK's Companies House - Security Flaw Exposed Business Data

A serious security flaw at Companies House exposed sensitive data of five million companies for five months. This raises significant concerns about data protection and privacy. Companies House is investigating the incident and has reported it to the relevant authorities.

Source: BleepingComputer

HIGH · Vulnerabilities

Microsoft Edge Vulnerability - Critical Update Released

Microsoft has released a critical update for Edge to fix CVE-2026-3910. Users must update to version 146.0.3856.59. This vulnerability poses serious risks, so immediate action is essential.

Source: Canadian Cyber Centre Alerts

HIGH · Vulnerabilities

Vulnerabilities - CISA Adds CVE-2025-47813 to Catalog

CISA has added a new vulnerability to its catalog, CVE-2025-47813. This flaw affects the Wing FTP Server and poses serious risks to federal networks. Timely remediation is crucial to prevent exploitation. Organizations are urged to prioritize addressing this vulnerability.

Source: CISA Advisories