Wing FTP Vulnerability - CISA Flags Active Exploitation Alert
In short: a flaw in Wing FTP Server lets attackers learn the application's installation path on the server.
CISA has flagged a medium-severity vulnerability in Wing FTP Server that lets unauthenticated attackers learn the server's installation path from an error message. The disclosure is low-impact on its own, but it is useful reconnaissance for the far more serious code-execution flaw fixed in the same release, so organizations still running an older build should upgrade now.
The Flaw
CISA recently added a new entry to its Known Exploited Vulnerabilities (KEV) catalog: a medium-severity vulnerability in Wing FTP Server tracked as CVE-2025-47813, with a CVSS score of 4.3. It is an information disclosure bug that leaks the application's installation path under specific conditions.
The trigger is an unusually long value in the UID cookie sent to the server's web interface. The oversized value provokes an error message that includes the on-disk path of the installation, which an attacker would otherwise have to guess. The flaw affects all versions of Wing FTP Server prior to 7.4.4, released in May 2025 following a responsible disclosure by researcher Julien Ahrens. Notably, 7.4.4 also fixes CVE-2025-47812, a critical vulnerability that allows remote code execution.
What's at Risk
As of July 2025, active exploitation has been reported. Attackers were observed downloading and executing malicious scripts, performing reconnaissance on the host, and installing remote monitoring and management software. A path disclosure alone does not grant code execution; its value to an attacker is that it removes guesswork about where the application lives on disk, which makes follow-on attacks easier, above all when chained with the more severe CVE-2025-47812 that the same release fixes.
In practice, then, the risk of this bug is tied to whether the server is also exposed to the code-execution flaw. A server that has not been upgraded is vulnerable to both, and compromise of a file-transfer server gives an attacker access to whatever data passes through it. Organizations running Wing FTP Server should treat an unpatched, internet-facing instance as a priority, because the consequences of a breach extend to operational security and customer trust.
Patch Status
The vulnerability is fixed in Wing FTP Server 7.4.4. Organizations running earlier versions are strongly encouraged to upgrade to 7.4.4 or later, which closes both CVE-2025-47813 and CVE-2025-47812. CISA has directed all Federal Civilian Executive Branch (FCEB) agencies to apply the fix by March 30, 2026.
It's crucial for users to regularly check for updates and apply them promptly. Keeping software up to date is one of the most effective ways to protect against known vulnerabilities and potential exploits.
Immediate Actions
To protect against this vulnerability, organizations should take the following steps:
- Upgrade to Wing FTP Server 7.4.4 or later immediately; if the upgrade cannot happen right away, restrict network access to the web interface in the meantime.
- Monitor the web interface's logs for requests carrying abnormally long UID cookie values, and watch the host for the post-exploitation behaviour reported in July 2025: unexpected script downloads, reconnaissance commands, and new remote monitoring or management tools.
- Make sure the team that operates the server treats security updates as routine. This is a server-side flaw triggered by a crafted request, not by user interaction, so it is addressed by patching and exposure reduction rather than by phishing-awareness training.
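Two of the checks above can be scripted. The following Python is an added example written for this article, not code from Wing FTP or from the researcher who reported the bug: it triages a reported version string against the 7.4.4 fix, and it scans access-log lines for the trigger condition described in "The Flaw", a UID cookie whose value is far longer than a session token should be. The log line format, the placeholder request paths and the 256-byte length cutoff are all assumptions made for the example; the sample log entries are constructed, not captured traffic.

```python
import re
from typing import Dict, List, Tuple

# Wing FTP Server release that fixes CVE-2025-47813 (and CVE-2025-47812).
FIXED_VERSION: Tuple[int, int, int] = (7, 4, 4)

# A legitimate UID session cookie is a short token. The 256-byte cutoff is an
# assumption chosen for this example, not a vendor-documented limit; tune it
# against the cookie lengths seen in your own traffic before alerting on it.
UID_LENGTH_THRESHOLD = 256

# Constructed access log lines (not real traffic). Assumed format, as a reverse
# proxy in front of the web interface might be configured to emit it:
#   <client_ip> "<method> <path>" <status> "<Cookie header value>"
# Request paths are placeholders, not Wing FTP's actual URLs.
SAMPLE_LOG = [
    '10.0.0.5 "GET /" 200 "UID=3f9a1c2e7b; lang=en"',
    '10.0.0.5 "POST /login" 302 "UID=3f9a1c2e7b"',
    '203.0.113.7 "GET /" 500 "UID=' + "A" * 600 + '"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>\S+) (?P<path>\S+)" (?P<status>\d{3}) "(?P<cookie>[^"]*)"$'
)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn a string such as '7.4.3' into (7, 4, 3); missing parts count as 0."""
    parts = [int(p) for p in version.strip().split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_vulnerable_version(version: str) -> bool:
    """True when the reported version predates the 7.4.4 fix."""
    return parse_version(version) < FIXED_VERSION


def uid_cookie_length(cookie_header: str) -> int:
    """Length of the UID cookie's value, or 0 when no UID cookie is present."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name.strip() == "UID":
            return len(value.strip())
    return 0


def flag_oversized_uid(log_lines: List[str],
                       threshold: int = UID_LENGTH_THRESHOLD) -> List[Dict]:
    """Return one finding per log line whose UID cookie exceeds the threshold."""
    findings: List[Dict] = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # unparseable line; skip rather than crash the scan
        length = uid_cookie_length(match.group("cookie"))
        if length > threshold:
            findings.append({
                "ip": match.group("ip"),
                "path": match.group("path"),
                "status": int(match.group("status")),
                "uid_length": length,
            })
    return findings


if __name__ == "__main__":
    for reported in ("7.4.3", "7.4.4", "7.5.0"):
        state = "VULNERABLE" if is_vulnerable_version(reported) else "fixed"
        print(f"Wing FTP Server {reported}: {state}")
    for finding in flag_oversized_uid(SAMPLE_LOG):
        print(f"oversized UID cookie from {finding['ip']}: "
              f"{finding['uid_length']} bytes, status {finding['status']}")
```

The version check is deliberately strict about the fixed release rather than trying to fingerprint the bug, since the vendor fixed both CVEs in one release and the upgrade is the only supported remedy. The log scan keys on cookie length alone; pair a hit with a server-side error status and an unfamiliar source address before escalating it.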
By staying informed and proactive, organizations can significantly reduce their risk of falling victim to this and other vulnerabilities. Cybersecurity is a continuous process, and vigilance is key to maintaining a secure environment.
The Hacker News