CISA added a medium-severity information disclosure vulnerability in Wing FTP (CVE-2025-47813) to its Known Exploited Vulnerabilities catalog after evidence of active exploitation; the bug can leak the application's installation path when an overlong UID session cookie triggers an error. The vendor fixed the issue in Wing FTP 7.4.4 (which also addresses the critical RCE CVE-2025-47812), and agencies are urged to apply the update by March 30, 2026. #WingFTP #CVE-2025-47813
Keypoints
- CISA added CVE-2025-47813 to its KEV catalog due to evidence of active exploitation.
- CVE-2025-47813 is an information disclosure flaw that reveals the local server path when an overlong UID cookie triggers an error at /loginok.html.
- All Wing FTP versions up to and including 7.4.3 are affected; the issue was patched in 7.4.4 after responsible disclosure by Julien Ahrens.
- Wing FTP 7.4.4 also fixes CVE-2025-47812, a critical RCE being exploited to download/execute malicious Lua files and deploy remote monitoring tools, per Huntress.
- FCEB agencies are recommended to apply the fixes by March 30, 2026; public details on in-the-wild abuse and any linkage between the two CVEs remain limited.
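Two checks a defender can run from the details above: a version gate (anything below 7.4.4 is in the affected range) and a simple detector for the trigger condition, an overlong UID cookie sent to /loginok.html. This is an added example written for this summary, not code from Wing FTP, CISA or the linked article. It assumes a request record with `src`, `path` and `cookie` fields (map your proxy or WAF fields onto it), and the 64-character "overlong" threshold is an assumption, since the advisory does not state where the boundary lies; the sample traffic is constructed.

```python
import re

# Versions up to and including 7.4.3 are affected; 7.4.4 carries the fix.
FIXED_VERSION = (7, 4, 4)

# Assumption for this example only: the advisory does not say how long an
# "overlong" UID is, so anything beyond this length is treated as suspicious.
# Baseline it against legitimate UID cookies in your own traffic.
UID_LENGTH_THRESHOLD = 64

ERROR_PATH = "/loginok.html"   # endpoint named in the advisory
UID_COOKIE_RE = re.compile(r"(?:^|;\s*)UID=([^;]*)")


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version):
    """True for any release below 7.4.4 (i.e. 7.4.3 and earlier)."""
    return parse_version(version) < FIXED_VERSION


def uid_cookie_value(cookie_header):
    """Return the UID cookie value from a raw Cookie header, or None."""
    if not cookie_header:
        return None
    m = UID_COOKIE_RE.search(cookie_header)
    return m.group(1) if m else None


def flag_request(req):
    """Return a finding dict for a suspicious request, else None.

    req is a dict with 'src', 'path' and 'cookie' keys (a constructed
    record format for this example; map your proxy or WAF fields onto it).
    An overlong UID aimed at /loginok.html is rated high; the same cookie
    sent elsewhere is still worth a look, so it is rated medium.
    """
    uid = uid_cookie_value(req.get("cookie"))
    if uid is None or len(uid) <= UID_LENGTH_THRESHOLD:
        return None
    severity = "high" if req["path"] == ERROR_PATH else "medium"
    return {"src": req["src"], "path": req["path"],
            "uid_len": len(uid), "severity": severity}


def scan(requests):
    """Run flag_request over a batch and return the findings in order."""
    return [f for f in (flag_request(r) for r in requests) if f]


# Constructed sample traffic (not real logs): a normal login, an overlong
# UID at /loginok.html, an overlong UID on another page, and no cookie.
SAMPLE_REQUESTS = [
    {"src": "10.0.0.5", "path": "/loginok.html",
     "cookie": "UID=" + "a" * 32},
    {"src": "203.0.113.9", "path": "/loginok.html",
     "cookie": "lang=en; UID=" + "A" * 2048},
    {"src": "203.0.113.9", "path": "/main.html",
     "cookie": "UID=" + "B" * 300},
    {"src": "10.0.0.7", "path": "/loginok.html", "cookie": None},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
    print("7.4.3 vulnerable:", is_vulnerable("7.4.3"))
    print("7.4.4 vulnerable:", is_vulnerable("7.4.4"))
```

The version check is the one that matters for remediation; the cookie detector is a triage aid for hosts you cannot patch before the deadline, and it only sees the UID value if your proxy or WAF logs the Cookie header, which many deployments deliberately do not.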
Read More: https://thehackernews.com/2026/03/cisa-flags-actively-exploited-wing-ftp.html