Securityaffairs.Co
CISA Alerts on Actively Exploited Wing FTP Server Vulnerability CVE-2025-47813
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned about an actively exploited vulnerability in Wing FTP Server, tracked as CVE-2025-47813. This flaw allows attackers to disclose the local installation path of the application by using a long value in the UID cookie, posing a medium risk (CVSS 4.3). CISA added this vulnerability to its Known Exploited Vulnerabilities catalog on March 16, 2026, urging all users, especially federal agencies, to secure their systems. The vulnerability is part of a series of flaws, including the critical CVE-2025-47812, which allows remote code execution without requiring login. The affected versions are those prior to 7.4.4, released in May 2025. Cybercriminals are actively targeting data transfer software, increasing the urgency for organizations to patch their systems. The developer has since released version 8.1.2, which addresses these vulnerabilities. CISA's advisory highlights the ongoing risks associated with outdated software in the cybersecurity landscape.
Key Points: • CISA added CVE-2025-47813 to its Known Exploited Vulnerabilities catalog on March 16, 2026. • The vulnerability allows attackers to disclose sensitive installation path information with low privileges. • Organizations must upgrade to Wing FTP Server version 8.1.2 to mitigate these risks.