Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Wing FTP Server actively exploited installation path disclosure remote code execution flaw (CVE-2025-47813)

Vulnerability
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

Wing FTP Server instances faced active exploitation of CVE-2025-47813, a flaw that can reveal the server's full local installation path on unpatched systems. The weakness may support attack chaining into remote code execution. CISA added the CVE to its actively exploited catalog and urged rapid remediation.

Related Happenings

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

Open Happening

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
First: 17.05.2026 14:57 Last: 17.05.2026 14:57 Sources 1

About this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...

Open Happening

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...

Open Happening

CISA KEV listing and FCEB firewall directive for CVE-2026-0300

Public Sector Action
First: 07.05.2026 13:57 Last: 07.05.2026 13:57 Sources 1

About this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...

Open Happening

CPanel & WHM authentication-bypass exploitation wave (CVE-2026-41940)

Exploitation Wave
First: 04.05.2026 11:25 Last: 04.05.2026 11:25 Sources 1

About this happening: Active exploitation of **CVE-2026-41940** is driving a **large cPanel & WHM compromise wave**, putting exposed servers at risk of administrative takeover. **More than 40,000 serve...

Open Happening

Timeline

  1. 16.03.2026 20:00 2 articles · 2mo ago

    CISA adds Wing FTP Server CVE-2025-47813 to actively exploited catalog

    Legal Policy Action Update

    CISA added Wing FTP Server CVE-2025-47813 to its actively exploited catalog and directed Federal Civilian Executive Branch agencies to secure affected servers within two weeks under BOD 22-01. The flaw exposes the full local installation path through a long UID cookie value and can be chained into remote code execution on unpatched Wing FTP Server instances. Wing FTP Server v7.4.4 had already patched CVE-2025-47813 in May 2025 alongside CVE-2025-47812 and CVE-2025-27889, and Julien Ahrens shared proof-of-concept exploit code for CVE-2025-47813 in June.

    Show sources
    Open in new tab