Federal agencies routinely face pressure to patch known vulnerabilities quickly, but the window between public disclosure and active exploitation has compressed to near zero for some server software flaws.
CISA has added CVE-2025-47813, a vulnerability in Wing FTP Server, to its Known Exploited Vulnerabilities catalog, warning that threat actors are actively abusing it. The agency gave Federal Civilian Executive Branch (FCEB) agencies two weeks to secure affected systems under the requirements of Binding Operational Directive (BOD) 22-01, issued in November 2021.
Wing FTP Server is cross-platform file transfer software with built-in SFTP and web server capabilities. The developer claims more than 10,000 customers worldwide, including the U.S. Air Force, Sony, Airbus, Reuters, and Sephora.
The flaw itself allows low-privileged attackers to extract the full local installation path of the application from unpatched servers. According to the announcement, the vulnerability is triggered when a long value is passed in the UID cookie, generating an error message that exposes sensitive path information. While that capability may appear limited in isolation, its significance lies in how it connects to a broader attack chain.
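As an added example, not code from the article, the vendor or the researcher, the check below flags HTTP requests to the web interface that carry an abnormally long UID cookie, the trigger condition described above. It assumes raw request header blocks captured by a reverse proxy or WAF in front of Wing FTP Server; the sample requests and the 256-byte threshold are constructed assumptions, not values from the advisory.

```python
from typing import Iterator, List, Optional, Tuple

# Constructed sample request header blocks (not a real capture). The second one
# carries an oversized UID cookie of the kind the disclosure describes.
SAMPLE_REQUESTS: List[str] = [
    "GET /loginok.html HTTP/1.1\r\nHost: files.example.test\r\n"
    "Cookie: UID=a1b2c3d4e5f6; lang=en\r\n\r\n",
    "GET /loginok.html HTTP/1.1\r\nHost: files.example.test\r\n"
    "Cookie: UID=" + "A" * 4096 + "\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: files.example.test\r\n\r\n",
]

# Assumed threshold: legitimate session identifiers are short, so anything far
# longer is anomalous and worth an alert regardless of the product's exact limit.
UID_LENGTH_THRESHOLD = 256


def uid_cookie_length(raw_request: str) -> Optional[int]:
    """Return the length of the UID cookie value, or None if no UID cookie is sent."""
    lines = raw_request.split("\r\n")
    for line in lines[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "cookie":
            for pair in value.split(";"):
                key, _, val = pair.strip().partition("=")
                if key == "UID":
                    return len(val)
    return None


def find_oversized_uid_cookies(
    requests: List[str], threshold: int = UID_LENGTH_THRESHOLD
) -> Iterator[Tuple[int, int]]:
    """Yield (request index, UID length) for requests exceeding the threshold."""
    for idx, req in enumerate(requests):
        length = uid_cookie_length(req)
        if length is not None and length > threshold:
            yield idx, length


if __name__ == "__main__":
    for idx, length in find_oversized_uid_cookies(SAMPLE_REQUESTS):
        print(f"ALERT: request #{idx} carries a UID cookie of {length} bytes")
```

A hit on an unpatched (pre-7.4.4) host is a reason to check its error responses and logs for the follow-on RCE attempt the article describes.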
A Three-Flaw Chain With a Dangerous Anchor
Security researcher Julien Ahrens discovered and reported the flaws; all three were patched in Wing FTP Server v7.4.4 in May 2025. The bundle included CVE-2025-47812, a critical remote code execution vulnerability, and CVE-2025-27889, an information disclosure flaw capable of exposing user passwords. Ahrens published proof-of-concept exploit code for CVE-2025-47813 in June and noted that attackers could use it in the same chain as the RCE bug.
The RCE vulnerability had already been tagged as exploited in the wild — attackers began abusing it just one day after technical details became public. The path-disclosure flaw now flagged by CISA provides the kind of environmental reconnaissance that can make a follow-on code execution attempt more reliable.
Guidance Extends Beyond Federal Networks
Although BOD 22-01 applies exclusively to federal agencies, CISA extended its advisory to private sector defenders, urging all organizations running Wing FTP Server to apply vendor patches without delay. “This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” the agency stated.
For organizations unable to apply mitigations immediately, CISA’s guidance is direct: follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product entirely until a fix is in place.
The v7.4.4 update addressing all three flaws has been available since May 2025. Any deployment still running an earlier version is exposed to a documented, actively exploited vulnerability chain for which public exploit code exists.