


Perceptive Security
SOC/SIEM Consultancy

CISA flags Wing FTP Server flaw as actively exploited in attacks
Published:
16 March 2026 at 18:00:22
Alert date:
16 March 2026 at 18:01:53
Source:
bleepingcomputer.com
Network Infrastructure, Enterprise Applications, Zero-Day Vulnerabilities
CISA has warned U.S. government agencies about an actively exploited vulnerability in Wing FTP Server instances. The vulnerability is being used in attacks and may be chained with other exploits to achieve remote code execution. Government agencies are being urged to secure their Wing FTP Server deployments immediately to prevent exploitation. The flaw represents an active threat to organizations using this FTP server software.
Technical details
CVE-2025-47813 is an information disclosure vulnerability in Wing FTP Server that allows low-privileged threat actors to discover the full local installation path of the application. It is triggered by sending a long value in the UID cookie, which causes the server to generate error messages containing sensitive information. This vulnerability can be chained with CVE-2025-47812 (critical RCE) and CVE-2025-27889 (password theft) for remote code execution attacks.
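A detection check for the condition described above, added here as an example and not taken from the advisory or the vendor: it scans HTTP request records for an oversized UID cookie. The tab-separated record format, the 128-character threshold and the sample records are assumptions constructed for illustration.

```python
import re

# Assumption: legitimate UID session values are short. 128 is a tunable
# starting point chosen for this example, not a vendor-documented limit.
MAX_UID_LEN = 128

# Match UID only as a whole cookie name, so "XUID=" is not a hit.
UID_RE = re.compile(r"(?:^|;\s*)UID=([^;]*)")


def longest_uid(cookie_header):
    """Length of the longest UID cookie value in a Cookie header, or None."""
    lengths = [len(m.group(1)) for m in UID_RE.finditer(cookie_header)]
    return max(lengths) if lengths else None


def find_oversized_uid(lines, max_len=MAX_UID_LEN):
    """Return one finding per request whose UID cookie exceeds max_len."""
    findings = []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 5:  # skip malformed or truncated records
            continue
        ts, src, method, path, cookie = fields
        n = longest_uid(cookie)
        if n is not None and n > max_len:
            findings.append({"time": ts, "src": src, "path": path, "uid_len": n})
    return findings


# Constructed sample records: time, source, method, path, Cookie header.
# Addresses are from documentation ranges; paths are placeholders.
SAMPLE_LOG = [
    "2026-03-16T17:01:02Z\t192.0.2.10\tGET\t/\tUID=" + "a" * 64,
    "2026-03-16T17:01:09Z\t198.51.100.7\tPOST\t/\tlang=en; UID=" + "A" * 600,
    "2026-03-16T17:01:15Z\t192.0.2.44\tGET\t/\tXUID=" + "b" * 600,
    "2026-03-16T17:01:20Z\t198.51.100.7\tGET\t/\tUID=x; UID=" + "C" * 300 + "; theme=dark",
    "truncated record without enough fields",
]

if __name__ == "__main__":
    for f in find_oversized_uid(SAMPLE_LOG):
        print(f"{f['time']} {f['src']} {f['path']} UID length {f['uid_len']}")
```

The check only works where the Cookie header is actually recorded, for example at a reverse proxy or WAF in front of the server; standard access logs usually omit it.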
Mitigation steps:
Update Wing FTP Server to version 7.4.4 or later
Apply mitigations per vendor instructions
Follow applicable BOD 22-01 guidance for cloud services
Discontinue use of the product if mitigations are unavailable
Federal agencies must secure systems within two weeks as mandated by BOD 22-01
Affected products:
Wing FTP Server (versions prior to v7.4.4)
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-47813
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-47813
https://www.wftpserver.com/serverhistory.htm#:~:text=Wing%20FTP%20Server%20v7%2E4%2E4Released
http://nvd.nist.gov/vuln/detail/CVE-2025-47812
https://nvd.nist.gov/vuln/detail/CVE-2025-27889
https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-rce-flaw-in-wing-ftp-server/
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt
https://www.cisa.gov/news-events/alerts/2026/03/16/cisa-adds-one-known-exploited-vulnerability-catalog
This article was created with the assistance of AI technology by Perceptive.
