Wing FTP Server: CISA Issues Alert on Wing FTP Server Vulnerability Used in Attacks

CISA Warns of Active Exploitation in Wing FTP Server Vulnerability (CVE-2025-47813)

On March 16, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability in Wing FTP Server to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation by threat actors. Tracked as CVE-2025-47813, the flaw is an information disclosure vulnerability stemming from improper handling of oversized UID cookie values in server requests.

When exploited, the bug triggers an error message that inadvertently exposes sensitive system details, a weakness classified under CWE-209. While it does not directly enable remote code execution, the leaked data gives attackers critical insights they can use to bypass security controls and escalate attacks. File transfer servers like Wing FTP are prime targets because of their access to corporate data and their position at the network edge.
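For defenders reviewing traffic to an exposed instance, the following added example (not from CISA, the vendor, or the original article) triages recorded request/response pairs for an oversized UID cookie and notes whether the reply echoed a filesystem path. The record layout, the 128-character threshold, and the assumption that leaked "system details" look like absolute paths are all illustrative, and the sample data is constructed.

```python
import re

# Assumption: no legitimate session identifier exceeds 128 characters.
MAX_UID_LEN = 128

# Assumption: leaked "system details" look like absolute filesystem paths.
PATH_LEAK = re.compile(
    r"(?:[A-Za-z]:\\[^\s\"'<>]+|/(?:usr|opt|home|var|etc)/[^\s\"'<>]+)"
)


def cookie_value(header, name="UID"):
    """Return the value of cookie `name` from a raw Cookie header, or None."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None


def triage(exchanges):
    """Flag exchanges with an oversized UID cookie and record any path in the reply."""
    findings = []
    for ex in exchanges:
        uid = cookie_value(ex.get("cookie", ""))
        if uid is None or len(uid) <= MAX_UID_LEN:
            continue
        leak = PATH_LEAK.search(ex.get("response_body", ""))
        findings.append({
            "src": ex["src"],
            "uid_len": len(uid),
            "leaked": leak.group(0) if leak else None,
        })
    return findings


# Constructed sample exchanges (not real traffic), as a reverse proxy might record them.
SAMPLE = [
    {"src": "198.51.100.7", "cookie": "lang=en; UID=" + "a" * 40,
     "response_body": "<html>ok</html>"},
    {"src": "203.0.113.9", "cookie": "UID=" + "A" * 2000,
     "response_body": "Error: cannot open /opt/example-app/session/AAAA"},
    {"src": "203.0.113.10", "cookie": "UID=" + "B" * 500 + "; lang=en",
     "response_body": "Invalid session."},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A flagged request whose reply carries no path (the third sample) is still worth reviewing, since the oversized cookie alone is the anomaly the advisory describes.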

CISA has directed federal agencies to patch or mitigate the vulnerability by March 30, 2026, and urges private organizations to follow suit. Recommended actions include applying vendor-supplied patches, adhering to Binding Operational Directive (BOD) 22-01, and discontinuing use of the software if fixes are unavailable. The inclusion in the KEV catalog confirms real-world attacks, underscoring the urgency for affected entities to secure their infrastructure.

Source: https://gbhackers.com/cisa-alert-on-wing-ftp-server-vulnerability/

Wingtech 闻泰科技 cybersecurity rating report: https://www.rankiteo.com/company/wingtech-group

"id": "WIN1773743431",
"linkid": "wingtech-group",
"type": "Vulnerability",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"