CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths - The Hacker News

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths Ravie LakshmananMar 17, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-47813 (CVSS score: 4.3), is an information disclosure vulnerability that leaks the installation path of the application under certain conditions. "Wing FTP Server contains a generation of error messages containing sensitive information vulnerability when using a long value in the UID cookie," CISA said. The shortcoming affects all versions of the software prior to and including version 7.4.3. The issue was addressed in version 7.4.4, shipped in May following a responsible disclosure by RCE Security researcher Julien Ahrens. It's worth noting that version 7.4.4 also patches CVE-2025-47812 (CVSS score: 10.0), another critical bug in the same product that allows for remote code execution. As of July 2025, the vulnerability has come under active exploitation in the wild. According to details shared by Huntress at the time, attackers have leveraged it to download and execute malicious Lua files, conduct reconnaissance, and install remote monitoring and management software. Ahrens, in a proof-of-concept (PoC) exploit, shared on GitHub, noted that the endpoint at "/loginok.html" does not properly validate the value of the "UID" session cookie. As a result, if the supplied value is longer than the maximum path size of the underlying operating system, it triggers an error message that discloses the full local server path. "Successful exploits can allow an authenticated attacker to get the local server path of the application, which can help in exploiting vulnerabilities like CVE-2025-47812," the researcher added. There are currently no details on how the vulnerability is being exploited in the wild, and if it's being abused in conjunction with CVE-2025-47812. In light of the latest development, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by March 30, 2026. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  CISA, cybersecurity, Malware, network security, remote code execution, Threat Intelligence, Vulnerability Trending News Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents and More CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack and More Veeam Patches 7 Critical Backup and Replication Flaws Allowing Remote Code Execution Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days Load More ▼ Popular Resources Get the 2026 ASV Report to Benchmark Top Validation Tools Webinar - Identify Key Attack Paths to Your Crown Jewels with CSMA Guide - Discover How to Validate AI Risks With Adversarial Testing Fix Security Noise by Focusing Only on Validated Exposures