CVE-2025-47813
Wing FTP Server Information Disclosure Vulnerability - [Actively Exploited]
Description
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
INFO
- Published Date: July 10, 2025, 5:15 p.m.
- Last Modified: March 16, 2026, 8:20 p.m.
- Remotely Exploitable: Yes
- Source: [email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Vulnerability Description: Wing FTP Server contains a Generation of Error Message Containing Sensitive Information (CWE-209) vulnerability that is triggered by a long value in the UID cookie.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns: Unknown
Notes: https://www.wftpserver.com/serverhistory.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-47813
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| 4.3 | CVSS 3.1 | MEDIUM | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | [email protected] |
Solution
- Update Wing FTP Server to version 7.4.4 or later.
- Remove or sanitize long UID cookie values.
Public PoC/Exploit Available on GitHub
CVE-2025-47813 has 4 public PoCs/exploits available on GitHub. Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-47813.
| URL | Resource |
|---|---|
| https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt | Exploit Third Party Advisory |
| https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ | Exploit Third Party Advisory |
| https://www.wftpserver.com | Product |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47813 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-47813 is associated with the following CWEs:
- CWE-209: Generation of Error Message Containing Sensitive Information
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-47813 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by the most recently updated).
- (no description) - PowerShell, Python
- RCE for WingFTP v4.7.3 - Python
- (no description) - Python
- Security Advisories - Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2025-47813 vulnerability anywhere in the article.
- TheCyberThrone: CISA adds Three Vulnerabilities to KEV Catalog
  Overview: CISA has expanded its Known Exploited Vulnerabilities (KEV) catalog with three new entries this week, spanning enterprise collaboration, file transfer infrastructure, and email collaboration p ... Read more
- Daily CyberSecurity: PoC Exploit Publicly Disclosed: ‘RegPwn’ Flaw Grants SYSTEM Access via Windows Accessibility
  A newly discovered vulnerability, dubbed RegPwn, has pulled back the curtain on a significant security gap in the Windows Accessibility Infrastructure. Tracked as CVE-2026-24291, this local elevation ... Read more
- Daily CyberSecurity: Leaving the Doors Unlocked: Critical 9.0 CVSS ScreenConnect Flaw Exposes Machine Keys
  ConnectWise recently issued a critical security update for its ScreenConnect platform, addressing a significant vulnerability that could have allowed unauthorized actors to hijack server-level cryptog ... Read more
- Daily CyberSecurity: Edge of Disaster: Critical 9.8 CVSS Flaw in Oracle Cloud Infrastructure Toolkit Allows Complete Takeover
  A critical vulnerability has been identified in a key component of Oracle’s open-source portfolio, potentially handing the keys to edge cloud environments over to unauthenticated attackers. The flaw, ... Read more
- CybersecurityNews: CISA Warns of Wing FTP Server Vulnerability Exploited in Attacks
  CISA Warns Wing FTP Server Vulnerability Exploit. A high-priority alert has been issued for a critical vulnerability in Wing FTP Server, added to the Known Exploited Vulnerabilities (KEV) catalog on Ma ... Read more
- Daily CyberSecurity: Broken Keys: Critical Authlib Flaws Expose Millions to JWT Forgery and Padding Oracles
  Security researchers exposed three critical vulnerabilities in Authlib, the widely used library for building OAuth and OpenID Connect servers. With over 86 million monthly downloads, the flaws in Auth ... Read more
- security.nl: Wing FTP Server flaw actively used in attacks, CISA warns
  A vulnerability in Wing FTP Server has been actively abused in attacks, warns the American cyber agency CISA. No details about the attacks have been given. Through the security hole (CVE-20 ... Read more
- Daily CyberSecurity: High-Severity Angular XSS Flaw Bypasses Built-In Sanitization
  A significant security vulnerability has been unearthed in the Angular runtime and compiler, potentially exposing thousands of web applications to Cross-Site Scripting (XSS) attacks. The flaw, tracked ... Read more
- The Hacker News: CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidenc ... Read more
- Daily CyberSecurity: CISA Flags Actively Exploited Wing FTP Server Flaw
  The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive after adding a new vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Th ... Read more
- Daily CyberSecurity: Backdoored React Native Packages Target Developers with Crypto-Stealing Malware
  The JavaScript development community is on high alert following a coordinated supply chain attack targeting two popular React Native packages. Cybersecurity researchers at Aikido have unmasked a malic ... Read more
- CybersecurityNews: Wing FTP Server Vulnerability Actively Exploited – 2000+ Servers Exposed Online
  Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed. The flaw, tracked as CVE-2025-4781 ... Read more
- BleepingComputer: Hackers are exploiting critical RCE flaw in Wing FTP Server
  Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. The observed attack ran multiple enume ... Read more
The following tables list the changes that have been made to the CVE-2025-47813 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
Modified Analysis by [email protected] (Mar. 16, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference Type | | CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47813 Types: US Government Resource |
| Changed | Reference Type | MITRE: https://www.wftpserver.com Types: Broken Link | MITRE: https://www.wftpserver.com Types: Product |

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Mar. 16, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47813 |

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Mar. 16, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Removed | Reference | https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt | |
| Removed | Reference Type | https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt Types: Exploit, Third Party Advisory | |

Initial Analysis by [email protected] (Jul. 17, 2025)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | | OR `cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:*` versions up to (excluding) 7.4.4 |
| Added | Reference Type | | CISA-ADP: https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt Types: Exploit, Third Party Advisory |
| Added | Reference Type | | MITRE: https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt Types: Exploit, Third Party Advisory |
| Added | Reference Type | | MITRE: https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ Types: Exploit, Third Party Advisory |
| Added | Reference Type | | MITRE: https://www.wftpserver.com Types: Broken Link |

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Jul. 10, 2025)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt |

New CVE Received by [email protected] (Jul. 10, 2025)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie. |
| Added | CVSS V3.1 | | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Added | CWE | | CWE-209 |
| Added | Reference | | https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt |
| Added | Reference | | https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ |
| Added | Reference | | https://www.wftpserver.com |