The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the exploitation of a vulnerability in Wing FTP, a secure file transfer protocol server used across Windows, macOS, and Linux platforms. This flaw, identified over a year ago, poses significant risks if left unaddressed.
Understanding the Wing FTP Vulnerability
Wing FTP, a versatile FTP server, supports various file transfer protocols, allowing administrators remote management through a web interface. The vulnerability in question, tracked as CVE-2025-47813, is a medium-severity issue that can expose the full local installation path of the application. This occurs when an overly long value is input into the UID cookie during a logged-in session.
The flaw was originally disclosed on May 14, 2025, coinciding with the release of Wing FTP Server version 7.4.4, which included necessary patches. However, recent reports highlight that this vulnerability is actively exploited, prompting CISA to urge federal agencies to implement the patch by March 30.
Technical Details and Exploitation Risks
This security issue affects the loginok.html endpoint in Wing FTP, where inadequate validation of the UID cookie could allow attackers to retrieve the full installation path by inputting a value exceeding the system’s maximum path size. This was detailed by security expert Julien Ahrens of RCE Security, who also released a proof-of-concept demonstrating the flaw.
Ahrens warned that attackers might use this information to exploit further vulnerabilities within Wing FTP, such as CVE-2025-47812. This critical flaw, capable of enabling remote code execution, was patched simultaneously with CVE-2025-47813. June 2025 saw this vulnerability exploited, with Censys identifying approximately 5,000 servers at risk from POST request exploits.
Response and Preventive Measures
CISA’s inclusion of these vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog underscores the urgency for organizations to address these security gaps. The catalog serves as a resource for tracking high-profile vulnerabilities that require immediate attention. CISA’s call to action emphasizes the need for timely updates and patches to safeguard federal systems.
Looking forward, organizations are encouraged to remain vigilant and proactive in applying software updates. By doing so, they can mitigate potential threats and ensure robust cybersecurity defenses. The ongoing evolution of cyber threats necessitates a dynamic response strategy to protect critical infrastructure.
Related security news highlights similar vulnerabilities, including issues with N8n, Slopoly malware, and recent updates to Chrome and Ivanti Endpoint Manager, reflecting the broader landscape of cybersecurity challenges.
