The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Wing FTP Server flaw, tracked as CVE-2025-47813 (CVSS score of 4.3), to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2025-47813 is an information disclosure vulnerability affecting Wing FTP Server versions prior to 7.4.4. The issue occurs in the loginok.html page during the web authentication process.
“loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.” reads the advisory.
The flaw occurs when an attacker sends an excessively long UID cookie, triggering improper input handling that causes the server to return an error revealing the full local installation path. While it does not enable remote code execution, the leak exposes filesystem details that could aid reconnaissance and facilitate further attacks such as path-based exploitation or file inclusion attempts.
EXPLORE MORE
Iowa legislature passes bill to ban mail-order abortion pills
DES MOINES, Iowa – The Iowa Legislature gave final approval to legislation…
The war on Iran may become a turning point in the post-Cold War order — RT World News
The US and Israeli attack on Iran in February and their subsequent…
Kyle Diamantas promises to be ‘most pro-life FDA commissioner’ in US history: report
Acting Food and Drug Administration (FDA) commissioner Kyle Diamantas has promised he…
Missing Person Darla Scott from the 1st District Has Been Located
Missing Person Darla Scott from the 1st District Has Been Located |…
Pro-life leaders demand Congress defund Planned Parenthood over new COVID loan revelations
WASHINGTON, D.C. — Pro-life leaders say recent revelations about how the Biden administration…
Missing Juvenile Janetlee Knox from the 14th District
The Philadelphia Police Department is seeking the public’s assistance in locating missing…
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerability by March 30, 2026.
