CISA Alerts on Actively Exploited Wing FTP Server Vulnerability CVE-2025-47813

CISA Alerts on Actively Exploited Wing FTP Server Vulnerability CVE-2025-47813

First seen 16 Mar 2026, 21:52 UTC BleepingcomputerSecurityaffairs.CoThehackernewsGbhackersHeise.De+3 88% similarity 60.8

Article Content

Browse articles
ThreatCluster

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned about an actively exploited vulnerability in Wing FTP Server, tracked as CVE-2025-47813. This flaw allows attackers to disclose the local installation path of the application by using a long value in the UID cookie, posing a medium risk (CVSS 4.3). CISA added this vulnerability to its Known Exploited Vulnerabilities catalog on March 16, 2026, urging all users, especially federal agencies, to secure their systems. The vulnerability is part of a series of flaws, including the critical CVE-2025-47812, which allows remote code execution without requiring login. The affected versions are those prior to 7.4.4, released in May 2025. Cybercriminals are actively targeting data transfer software, increasing the urgency for organizations to patch their systems. The developer has since released version 8.1.2, which addresses these vulnerabilities. CISA's advisory highlights the ongoing risks associated with outdated software in the cybersecurity landscape.

Key Points: • CISA added CVE-2025-47813 to its Known Exploited Vulnerabilities catalog on March 16, 2026. • The vulnerability allows attackers to disclose sensitive installation path information with low privileges. • Organizations must upgrade to Wing FTP Server version 8.1.2 to mitigate these risks.

ThreatCluster AI

Timeline

2025-05-01
Wing FTP Server v7.4.4 released with patches
2025-07-01
First public PoC for CVE-2025-47812 released
2025-07-10
CVE-2025-47812 and CVE-2025-27889 published
2025-07-14
CVE-2025-47812 added to CISA KEV catalog
2026-03-16
CVE-2025-47813 added to CISA KEV catalog
2026-03-17
CISA issues alert on active exploitation of CVE-2025-47813

Community

Browse all →