U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog

2 Min Read

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Wing FTP Server flaw, tracked as CVE-2025-47813 (CVSS score of 4.3), to its Known Exploited Vulnerabilities (KEV) catalog.

CVE-2025-47813 is an information disclosure vulnerability affecting Wing FTP Server versions prior to 7.4.4. The issue occurs in the loginok.html page during the web authentication process.

“loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.” reads the advisory.


What do you think? Post a comment.


The flaw occurs when an attacker sends an excessively long UID cookie, triggering improper input handling that causes the server to return an error revealing the full local installation path. While it does not enable remote code execution, the leak exposes filesystem details that could aid reconnaissance and facilitate further attacks such as path-based exploitation or file inclusion attempts.

- Advertisement -

EXPLORE MORE

FBI probing intrusion into a system managing sensitive surveillance information

The Federal Bureau of Investigation (FBI) is probing suspicious activity on an…

U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds EPM, SolarWinds, and Omnissa…

US justifies sanctions against Cuba with ‘crude lies’ – Havana

The latest US oil restrictions will hit the “daily life of millions”…

Cardinal Müller says Europe’s rejection of Christianity will lead to its downfall

(LifeSiteNews) — Cardinal Gerhard Müller warned during a recent conference in Rome…

Trump-backed ‘Tiger’ claims victory in Colombian election

Incumbent President Gustavo Petro dismissed the declaration as “wishful thinking” until the…

Celebrity sex crimes, imprisoning Assange and torture terror

Before Downing Street, the outgoing PM built his reputation at the CPS…

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerability by March 30, 2026.

Pierluigi Paganini



Share This Article

CONVERSATION

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted