
CISA has warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that can be chained into remote code execution attacks.
Wing FTP Server is cross-platform FTP server software that also provides secure file transfer through its built-in SFTP and web servers. The developers claim that their file transfer software is used by more than 10,000 customers worldwide, including the U.S. Air Force, Sony, Airbus, Reuters, and Sephora.
Tracked as CVE-2025-47813, the security flaw allows threat actors with low privileges to discover the full local installation path of the application on unpatched servers.
"Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie," CISA explains.
The developer patched it in May 2025 in Wing FTP Server v7.4.4, together with a critical remote code execution (RCE) bug (CVE-2025-47812) and an information disclosure flaw (CVE-2025-27889) that can be used to steal a user's password.
The RCE vulnerability was previously tagged as exploited in the wild after attackers began abusing it one day after technical details on the flaw became public.
Security researcher Julien Ahrens, who discovered and reported the flaws, also shared proof-of-concept exploit code for CVE-2025-47813 in June and said attackers may exploit it as part of the same chain as CVE-2025-47812.
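A small triage script, added here as an example and not taken from the article, from Wing FTP Server, or from the researcher's proof of concept: it checks whether a reported server version predates the v7.4.4 fix and flags requests whose UID cookie value is abnormally long, which is the trigger condition CISA describes. The log format, the request paths in the sample lines, and the 200-character length threshold are assumptions made for this example, not details from the advisory.

```python
"""Triage helpers for the Wing FTP Server advisory above.

Added example, not code from Wing FTP Server, CISA or the researcher who
reported the flaws. Assumptions (not from the article): the log format below
is constructed for the example, the request paths are made up, and the
200-character UID length threshold is a heuristic, not a documented limit.
"""
import re
from typing import List, Tuple

# Version the article reports as carrying the fix (Wing FTP Server v7.4.4).
FIXED_VERSION = (7, 4, 4)

# Assumption: heuristic cut-off separating a session-sized UID value from an
# abnormally long one. Tune it against what normal clients actually send.
UID_LENGTH_THRESHOLD = 200

# Constructed sample log lines (client IP, request line, Cookie header) in a
# simple space-separated layout invented for this example.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 "POST /login HTTP/1.1" cookie="UID=a1b2c3d4e5f6"',
    '10.0.0.9 "GET /dir HTTP/1.1" cookie="UID=' + "A" * 300 + '; lang=en"',
    '10.0.0.7 "GET /main HTTP/1.1" cookie="lang=en"',
])

LINE_RE = re.compile(r'^(\S+) "([^"]*)" cookie="([^"]*)"')


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a version string such as 'v7.4.3' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def needs_patch(version_text: str) -> bool:
    """True when the reported Wing FTP Server version predates the fix."""
    return parse_version(version_text) < FIXED_VERSION


def uid_cookie_length(cookie_header: str) -> int:
    """Length of the UID cookie value, or 0 when no UID cookie is present."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "UID":
            return len(value)
    return 0


def flag_long_uid_cookies(log_text: str,
                          threshold: int = UID_LENGTH_THRESHOLD
                          ) -> List[Tuple[str, str, int]]:
    """Return (client, request, uid_length) for every log line whose UID
    cookie exceeds the threshold. A hit matches the trigger condition the
    advisory describes and deserves a closer look; it is not on its own
    proof of successful exploitation."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the constructed layout
        client, request, cookie = m.groups()
        n = uid_cookie_length(cookie)
        if n > threshold:
            hits.append((client, request, n))
    return hits


if __name__ == "__main__":
    for version in ("7.4.3", "v7.4.4", "7.5.0"):
        print(version, "needs patch" if needs_patch(version) else "fixed")
    for client, request, n in flag_long_uid_cookies(SAMPLE_LOG):
        print(f"suspicious UID cookie ({n} chars) from {client}: {request}")
```

Run it against your own access logs by replacing `SAMPLE_LOG` and adjusting `LINE_RE` to the format your proxy or server actually writes; the version check is the part that matters most, since any host below 7.4.4 is also exposed to the RCE bug patched in the same release.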
On Tuesday, CISA added CVE-2025-47813 to its catalog of actively exploited vulnerabilities and gave Federal Civilian Executive Branch (FCEB) agencies two weeks to secure their systems, as mandated by the November 2021 Binding Operational Directive (BOD) 22-01.
While BOD 22-01 applies only to federal agencies, the U.S. cybersecurity agency encouraged all defenders, including those in the private sector, to patch their servers against the ongoing attacks as soon as possible.
"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA warned on Monday.
"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
