On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a medium-severity security flaw affecting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. CVE-2025-47813 (CVSS score: 4.3) is an information disclosure vulnerability that, under certain circumstances, leaks the application's installation path.

CISA said, "Wing FTP Server contains a generation of error messages containing sensitive information vulnerability when using a long value in the UID cookie." The problem affects all versions of the software up to and including version 7.4.3. Version 7.4.4, released in May, fixed it following responsible disclosure by RCE Security researcher Julien Ahrens.

It's important to note that version 7.4.4 also fixes CVE-2025-47812 (CVSS score: 10.0), another serious bug in the same product that allows remote code execution. That vulnerability has been under active exploitation in the wild as of July 2025. The researcher said, "Successful exploits can let an authenticated attacker get the local server path of the application, which can help in exploiting vulnerabilities like CVE-2025-47812."

It is not currently known how the vulnerability is being exploited in the wild, or whether it is being used together with CVE-2025-47812. In light of the latest development, Federal Civilian Executive Branch (FCEB) agencies should make the necessary changes by March 30, 2026.