Wing FTP Server: Wing FTP Server vulnerability added to CISA’s KEV catalogue

CISA Warns of Active Exploitation in Wing FTP Server Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-47813, a vulnerability in Wing FTP Server, to its Known Exploited Vulnerabilities Catalog after confirming active exploitation in the wild. The flaw, disclosed in July 2025, affects versions 7.4.4 and earlier and allows attackers to expose the full local installation path of the application via maliciously crafted error messages.

While classified as medium-severity, the vulnerability can be chained with two other patched flaws, CVE-2025-47812 (remote code execution) and CVE-2025-27889 (information disclosure), to amplify its impact. Security researcher Julien Ahrens previously demonstrated in June 2024 how these vulnerabilities could be combined for maximum exploitation.

CISA emphasized that such flaws are common attack vectors for malicious actors, posing significant risks to federal networks. Wing FTP Server has since released patches for all three vulnerabilities in later versions. Organizations running outdated installations are urged to update immediately to mitigate potential threats.

Source: https://www.cyberdaily.au/security/13338-wing-ftp-server-vulnerability-added-to-cisa-s-kev-catalog

Wingbuddy cybersecurity rating report: https://www.rankiteo.com/company/wingbuddy

"id": "WIN1773721543",
"linkid": "wingbuddy",
"type": "Vulnerability",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology/Software',
                        'name': 'Wing FTP Server',
                        'type': 'Software'}],
 'attack_vector': 'Maliciously crafted error messages',
 'customer_advisories': 'Update to the latest version of Wing FTP Server to '
                        'mitigate potential threats.',
 'data_breach': {'type_of_data_compromised': 'Local installation path, '
                                             'potential system information'},
 'date_publicly_disclosed': '2025-07',
 'description': 'CISA has added CVE-2025-47813, a vulnerability in Wing FTP '
                'Server, to its Known Exploited Vulnerabilities Catalog after '
                'confirming active exploitation in the wild. The flaw affects '
                'versions 7.4.4 and earlier and allows attackers to expose the '
                'full local installation path via maliciously crafted error '
                'messages. It can be chained with CVE-2025-47812 (remote code '
                'execution) and CVE-2025-27889 (information disclosure) for '
                'amplified impact.',
 'impact': {'data_compromised': 'Local installation path exposure, potential '
                                'remote code execution, and information '
                                'disclosure',
            'systems_affected': 'Wing FTP Server versions 7.4.4 and earlier'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'corrective_actions': 'Apply patches for '
                                                  'CVE-2025-47813, '
                                                  'CVE-2025-47812, and '
                                                  'CVE-2025-27889',
                            'root_causes': 'Unpatched vulnerabilities in Wing '
                                           'FTP Server'},
 'recommendations': 'Organizations running outdated installations of Wing FTP '
                    'Server are urged to update immediately to mitigate '
                    'potential threats.',
 'references': [{'source': 'CISA Known Exploited Vulnerabilities Catalog'},
                {'source': 'Security Researcher Julien Ahrens'}],
 'regulatory_compliance': {'regulatory_notifications': 'CISA Known Exploited '
                                                       'Vulnerabilities '
                                                       'Catalog'},
 'response': {'containment_measures': 'Patches released for affected versions',
              'remediation_measures': 'Update to the latest version of Wing '
                                      'FTP Server'},
 'stakeholder_advisories': 'CISA emphasized that such flaws are common attack '
                           'vectors for malicious actors, posing significant '
                           'risks to federal networks.',
 'title': 'Active Exploitation of Wing FTP Server Vulnerability '
          '(CVE-2025-47813)',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['CVE-2025-47813',
                             'CVE-2025-47812',
                             'CVE-2025-27889']}