- Description
- loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- wing_ftp_server
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Wing FTP Server Information Disclosure Vulnerability
- Exploit added on
- Mar 16, 2026
- Exploit action due
- Mar 30, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cve@mitre.org
- CWE-209
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
15
🚨Wing FTPに脆弱性!🚨 CISAがWing FTPの脆弱性CVE-2025-47813をKEVに追加!情報漏洩の危険あり!7.4.4未満のバージョンは要注意!アップデートは済んだ?早急な対策を! #セキュリティ #脆弱性 https://t.co/VDdDIQ8mqN
@motch_dev
17 Mar 2026
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
1/ CISA just put Wing FTP on KEV for CVE-2025-47813. Yes, a “medium” bug. Yes, it’s being exploited. Security teams keep learning the same lesson: attackers do not care about your CVSS religion. https://t.co/BuO10iEjx1
@projectzerosum
17 Mar 2026
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📌 أعلنت وكالة الأمن السيبراني الأمريكية (CISA) أن ثغرة في Wing FTP تُستغل بنشاط وأدرجتها في قائمة الثغرات المعروفة المستغلة (KEV). الثغرة ذات خطورة متوسطة (CVSS 4.3)
@Cybercachear
17 Mar 2026
51 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA just added CVE-2025-47813 to the KEV catalog — Wing FTP is leaking server paths via an oversized UID cookie 🍪 Pair that with CVE-2025-47812 (CVSS 10.0 RCE) and you've got a spicy exploit chain 🔥 Patch to v7.4.4. Now. Yesterday. 🛠️ #InfoSec #CyberSecurity #W
@archie_sham
17 Mar 2026
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CISA flags CVE-2025-47813 in Wing FTP as actively exploited. It leaks server paths via cookie errors—low severity, high value. Attackers can pair it with a known RCE flaw already used to deploy malware. 🔗 How it enables real attack chains → https://t.co/Rc3hBfsIPB
@TheHackersNews
17 Mar 2026
4578 Impressions
11 Retweets
25 Likes
7 Bookmarks
0 Replies
1 Quote
🚨 Today CVE: CVE-2025-47813 That timeline looks pretty familiar.
@EdgeDetectOps
17 Mar 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA adds Wing FTP Server bug CVE-2025-47813 to Known Exploited Vulnerabilities catalog as active attacks target info disclosure flaw, orders US agencies to patch within 2 weeks. #CISA https://t.co/FHTtdBubjf
@threatcluster
16 Mar 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性を1件カタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Mar 16) CVE-2025-47813 Wing FTPサーバーの情報漏洩の脆弱性 https://t.co/3N0mo7nczg
@foxbook
16 Mar 2026
198 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA adds CVE-2025-47813 Wing FTP Server vulnerability to Known Exploited Vulnerabilities Catalog based on active exploitation evidence. Organizations urged to prioritize immediate remediation. #Cybersecurity #InfoSec https://t.co/HYBZBMNUUA
@battista212
16 Mar 2026
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA adds CVE-2025-47813 Wing FTP Server vulnerability to Known Exploited Vulnerabilities Catalog based on active exploitation evidence. Organizations urged to prioritize immediate remediation. #Cybersecurity #InfoSec https://t.co/u86ksekOyt
@battista212
16 Mar 2026
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA reports active exploitation of CVE-2025-47813 in Wing FTP Server, enabling info disclosure and remote code execution when combined with a critical RCE bug. Patch v7.4.4 released in May 2025. #WingFTP #RemoteCodeExecution #USA https://t.co/w8SJ6a3A5d
@TweetThreatNews
16 Mar 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE Alert: CVE-2025-47813 - wftpserver - Wing FTP Server - https://t.co/HoxcfrJ2Jc #OSINT #ThreatIntel #CyberSecurity #cve-2025-47813 #wftpserver #wing-ftp-server
@RedPacketSec
16 Mar 2026
130 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV: CVE-2025-47813 - Wing FTP Server Wing FTP Server https://t.co/BCrNQSWjd0 ; https://t.co/cxKdQaZh7B #CVE202547813 #Vulnerability
@ox0ffff
16 Mar 2026
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-47813 Wing FTP Server Information Disclosure Vulnerability https://t.co/qBi3B6btu0
@ScyScan
16 Mar 2026
113 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds a Wing FTP Server flaw (CVE-2025-47813) to its KEV catalog. The actively exploited cookie vulnerability exposes internal server paths. Update now. #WingFTPServer #CVE #CISAKEV #CyberSecurity #InfoSec #ThreatIntel #Vulnerability #PathDisclosure https://t.co/g9WytaHCg4 ht
@the_yellow_fall
16 Mar 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Flags Actively Exploited Wing FTP Server Flaw That May Aid RCE Chains CISA added CVE-2025-47813 to its Known Exploited Vulnerabilities catalog after warning that the Wing FTP Server information disclosure bug is being actively abused and may be chained with a previously
@ThreatSynop
16 Mar 2026
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CVE-2025-47813: Vulnerabilidad de Divulgación de Información en Wing FTP Server Análisis técnico de la CVE-2025-47813 en Wing FTP Server, una falla de divulgación de información con puntuación CVSS 4.3. Impacto, mitigaciones y recomendacion https://t.co/RFLbGXLFCj
@CiberPlanetaOrg
16 Mar 2026
103 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Alerta de Seguridad: Wing FTP Server Information Disclosure Vulnerability (CVE-2025-47813) Wing FTP Server presenta una vulnerabilidad de divulgación de información (CWE-209) en mensajes de error al procesar valores largos en la cookie UID. Severidad media (CVSS 4.3). I
@CiberPlanetaOrg
16 Mar 2026
110 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Today CVE: CVE-2025-47813 Curious how widespread the exposure actually was.
@EdgeDetectOps
16 Mar 2026
4 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ We added Wing FTP Server information disclosure vulnerability CVE-2025-47813 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSec https://t.co/NPkZxZfR7r
@CISACyber
16 Mar 2026
4018 Impressions
10 Retweets
30 Likes
4 Bookmarks
3 Replies
0 Quotes
If this doesn't work, I'll be really pissed off 🗿... CVE-2021-46381 CVE-2022-0679 CVE-2023-1177 CVE-2024-12987 CVE-2025-47813 #NoHeartz #CVE #CommonVulnerabilitiesExposures #CyberNews #CyberAttack https://t.co/hrDFVeNHj0
@Noheartz1337
8 Mar 2026
200 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47813 loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie. https://t.co/ama3K8kier
@CVEnew
11 Jul 2025
409 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-47813 - medium 🚨 Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie > Wing FTP Server versions prior to 7.4.4 are vulnerable to an authenticated informatio... 👾 https://t.co/2xRISK6GwO @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
1 Jul 2025
76 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34AF9E83-291C-40B0-AE69-34C9B59A5D03",
"versionEndExcluding": "7.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]