U.S. CISA Adds a Flaw in Wing FTP Server to Its Known Exploited Vulnerabilities Catalog

Security Affairs, Mar 16, 2026

Key Takeaways

  • CISA adds Wing FTP Server CVE-2025-47813 to the KEV catalog.
  • The vulnerability discloses the full installation path via an oversized UID cookie.
  • Affects Wing FTP Server versions earlier than 7.4.4.
  • Federal agencies must patch by March 30, 2026.
  • Private firms are advised to review and remediate promptly.

Pulse Analysis

CISA’s Known Exploited Vulnerabilities catalog serves as a real-time threat-intelligence feed, highlighting flaws that adversaries are actively weaponising. By adding Wing FTP Server’s CVE-2025-47813, the agency signals that even modest information-disclosure bugs can be leveraged in multi-stage attacks. The inclusion underscores a broader shift toward prioritising remediation of low-severity issues that nonetheless provide valuable footholds for threat actors, especially in legacy infrastructure that remains widely deployed across critical sectors.

The flaw resides in the loginok.html page of Wing FTP Server versions before 7.4.4. When an attacker supplies an excessively long UID cookie, the server mishandles the input and returns an error message that reveals the absolute path of the application on the host system. While the bug does not permit remote code execution on its own, knowledge of the exact installation directory can accelerate path-traversal, file-inclusion, or privilege-escalation exploits. Attackers can combine this disclosure with other vulnerabilities to craft targeted payloads, turning a seemingly benign information leak into a stepping stone for deeper compromise.

Remediation is straightforward: upgrade to Wing FTP Server 7.4.4 or later, or apply any vendor-issued patches that correct the UID cookie handling. Federal agencies are bound by Binding Operational Directive 22-01 to complete mitigation by March 30, 2026, and non-compliant entities risk enforcement actions. Private enterprises should treat the KEV listing as a priority item in their vulnerability-management pipelines, integrating continuous monitoring of CISA’s catalog into patch-assessment workflows. Proactive patching not only satisfies compliance but also reduces the attack surface, reinforcing overall cyber-resilience in an environment where supply-chain and reconnaissance tactics are increasingly sophisticated.
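Two defender-side checks follow from the two paragraphs above: deciding whether an installed Wing FTP Server build falls below the 7.4.4 fix, and spotting requests to loginok.html that carry an oversized UID cookie in web logs. The script below is an added example written for this page, not code from Security Affairs, CISA or the Wing FTP Server vendor. The log line format it parses is invented for the example, and the 256-byte threshold for "oversized" is a tuning assumption, not a value from the advisory.

```python
"""Triage helpers for CVE-2025-47813 (Wing FTP Server < 7.4.4).

Added example for this page; not vendor, CISA or Security Affairs code.
Assumptions: the log line format below is constructed for the example, and
UID_COOKIE_MAX is a tuning choice rather than a value from the advisory.
"""
import re
from typing import Iterable

# Versions earlier than this one are listed as affected.
FIXED_VERSION = (7, 4, 4)

# Constructed log format (assumption): <ip> "<METHOD> <path>" <status> cookie="<Cookie header>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3}) cookie="(?P<cookie>[^"]*)"$'
)

# Tuning assumption: legitimate session identifiers are far shorter than this.
UID_COOKIE_MAX = 256


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '7.4.10' into (7, 4, 10) so comparison is numeric, not lexical."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the installed build is older than the 7.4.4 fix.

    Tuple comparison avoids the classic string-compare mistake where
    '7.4.10' sorts before '7.4.4'.
    """
    return parse_version(version) < FIXED_VERSION


def uid_cookie_length(cookie_header: str) -> int:
    """Length of the UID cookie value in a 'name=value; name=value' header, 0 if absent."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "UID":
            return len(value)
    return 0


def flag_oversized_uid(lines: Iterable[str], max_len: int = UID_COOKIE_MAX) -> list[dict]:
    """One finding per request to loginok.html whose UID cookie exceeds max_len.

    Requests to other paths are ignored because the page ties the flaw to
    loginok.html; widen the path filter if your own telemetry suggests otherwise.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production pipeline should count these
        if not m["path"].endswith("loginok.html"):
            continue
        length = uid_cookie_length(m["cookie"])
        if length > max_len:
            findings.append({"ip": m["ip"], "uid_len": length, "status": int(m["status"])})
    return findings


# Constructed sample lines, not captured traffic.
SAMPLE_LOG = [
    '10.0.0.5 "POST /loginok.html" 200 cookie="UID=' + "a" * 32 + '"',
    '10.0.0.9 "POST /loginok.html" 500 cookie="lang=en; UID=' + "A" * 4096 + '"',
    '10.0.0.7 "GET /index.html" 200 cookie="UID=' + "b" * 4096 + '"',
    "garbage line that does not match the format",
]

if __name__ == "__main__":
    for v in ("7.4.3", "7.4.4", "7.4.10"):
        print(f"{v}: {'affected' if is_affected(v) else 'fixed'}")
    for finding in flag_oversized_uid(SAMPLE_LOG):
        print("oversized UID cookie:", finding)
```

Only the second sample line is flagged: the first carries a normal-length UID, the third is oversized but not aimed at loginok.html, and the fourth does not parse. The 500 status on the flagged line is exactly the kind of server error the page describes, so correlating oversized-cookie requests with error responses is a cheap first filter while the upgrade to 7.4.4 is rolled out.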
