CP
cyberpings
VulnerabilitiesMEDIUM

Wing FTP Vulnerability CVE-2025-47813 - CISA Alerts Exploitation

SWSecurityWeek
CVE-2025-47813Wing FTPCISAUID cookieRCE
🎯

Basically, a flaw in Wing FTP can let attackers see secret paths on the server.

Quick Summary

CISA has flagged a year-old vulnerability in Wing FTP as actively exploited. This flaw could expose sensitive installation paths, increasing security risks. Immediate patching is essential to protect your systems.

The Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a year-old vulnerability in Wing FTP, tracked as CVE-2025-47813. This medium-severity flaw arises when an overly long value is used in the UID cookie during a logged-in session. When exploited, it can disclose the full local installation path of the application, posing a significant security risk.

Wing FTP is a popular secure FTP server that operates across multiple platforms, including Windows, macOS, and Linux. The vulnerability affects the loginok.html endpoint, which fails to validate the UID cookie properly. As a result, attackers can manipulate the UID cookie to trigger an error message that reveals sensitive information about the server's installation path.

What's at Risk

The implications of this vulnerability are serious. By obtaining the full local server path, attackers can potentially exploit other vulnerabilities within Wing FTP. Notably, CVE-2025-47812, another critical flaw that allows remote code execution, could be leveraged once the installation path is known. This interconnectedness amplifies the risk, making it crucial for organizations using Wing FTP to take immediate action.

The flaw was first disclosed on May 14, 2025, coinciding with the release of Wing FTP Server version 7.4.4, which included patches for this vulnerability. However, the recent CISA alert indicates that the flaw is now being actively exploited in the wild, highlighting the importance of timely patching.

Patch Status

CISA has added CVE-2025-47813 to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are urged to apply the necessary patches by March 30, 2026. Organizations that have not yet updated their systems are at risk of exploitation, especially since the vulnerability has been confirmed to be actively targeted.

The patch for this vulnerability is included in the same version that addressed CVE-2025-47812. Thus, it is essential for users to ensure they are running the latest version of Wing FTP to mitigate these risks effectively.

Immediate Actions

For those managing Wing FTP servers, immediate action is necessary. Here are steps to take:

  • Update to the latest version of Wing FTP Server (7.4.4 or later) to apply the patches.
  • Review server logs for any suspicious activity that may indicate exploitation attempts.
  • Implement additional security measures, such as limiting access to the server and monitoring for unusual behavior.

By taking these steps, organizations can protect themselves from potential attacks stemming from this vulnerability. The time to act is now, as the risk of exploitation continues to grow.

🔒 Pro insight: The active exploitation of CVE-2025-47813 underscores the need for prompt patching and proactive vulnerability management in FTP services.

Original article from

SecurityWeek · Ionut Arghire

Read Full Article

Share

Related Pings

MEDIUMVulnerabilities

Windows 11 Vulnerability - Fix for Samsung C: Drive Issues

Microsoft has shared a fix for C: drive access issues affecting Samsung laptops running Windows 11. Users may face app failures and permission problems. Follow the recovery steps to restore normal functionality.

BleepingComputer·
MEDIUMVulnerabilities

Windows 11 Hotpatch - Fixes Bluetooth Device Visibility Issue

Microsoft's latest update resolves a Bluetooth visibility issue on Windows 11. Affected users can now see and connect their devices seamlessly. This fix is crucial for maintaining productivity and device management. Make sure your system is updated!

BleepingComputer·
HIGHVulnerabilities

AWS Bedrock Vulnerability - DNS Escape Hatch Discovered

AWS Bedrock's sandbox mode has a serious flaw, allowing DNS queries that can lead to data breaches. This affects users relying on its isolation features. AWS has acknowledged the issue but claims it's intended functionality, leaving security teams to adapt.

CSO Online·
HIGHVulnerabilities

Chrome 0-Day Vulnerabilities - CISA Issues Urgent Warning

CISA has issued an urgent warning about critical zero-day vulnerabilities in Chrome. Active exploitation is confirmed, impacting users and organizations. Immediate updates are crucial to protect your data.

Cyber Security News·
HIGHVulnerabilities

Palo Alto Cortex XDR - Critical Evasion Flaw Exploited

A critical flaw in Palo Alto Cortex XDR was discovered, allowing attackers to bypass detections. This affects many users relying on the software. The vulnerability highlights the importance of vigilance and timely updates.

Cyber Security News·
MEDIUMVulnerabilities

Wing FTP Vulnerability - CISA Flags Active Exploitation Alert

CISA has flagged a medium-severity vulnerability in Wing FTP, allowing attackers to leak sensitive server paths. Organizations must upgrade to the latest version to mitigate risks. Immediate action is essential to protect sensitive data and maintain operational integrity.

The Hacker News·