CVE-2025-47813 MEDIUM

CVE-2025-47813

Vendor Wftpserver
Product Wing FTP Server
Weakness CWE-209 · Error message info leak
KEV Status Known Exploited
Published July 10, 2025
Last update March 17, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

July 10, 2025 CVE published
March 17, 2026 Record updated