Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Wing FTP Server Vulnerability Exploited in Attacks

1 unique source, 1 article

Summary

CISA has flagged an actively exploited vulnerability (CVE-2025-47813) in Wing FTP Server, which allows low-privilege attackers to discover the full local installation path of the application. This flaw can be chained with a critical remote code execution (RCE) bug (CVE-2025-47812) for further exploitation. The vulnerabilities were patched in May 2025, but attackers continue to exploit them in the wild. CISA has given federal agencies two weeks to secure their systems and encourages private sector organizations to apply mitigations immediately.

Timeline

  1. 16.03.2026 20:00 · 1 article

    CISA Flags Wing FTP Server Flaw as Actively Exploited

    CISA has added CVE-2025-47813 to its catalog of actively exploited vulnerabilities. The flaw allows low-privilege attackers to discover the full local installation path of Wing FTP Server, which can be chained with a critical RCE bug (CVE-2025-47812) for further exploitation. CISA has given federal agencies two weeks to secure their systems and encourages private sector organizations to apply mitigations immediately.

Information Snippets

  • Wing FTP Server is cross-platform FTP server software used by over 10,000 customers worldwide, including the U.S. Air Force, Sony, Airbus, Reuters, and Sephora.

    First reported: 16.03.2026 20:00
    1 source, 1 article
  • CVE-2025-47813 allows threat actors with low privileges to discover the full local installation path of the application on unpatched servers.

    First reported: 16.03.2026 20:00
    1 source, 1 article
  • The vulnerability was patched in Wing FTP Server v7.4.4 in May 2025, along with a critical RCE bug (CVE-2025-47812) and an information disclosure flaw (CVE-2025-27889).

    First reported: 16.03.2026 20:00
    1 source, 1 article
  • Security researcher Julien Ahrens shared proof-of-concept exploit code for CVE-2025-47813 in June 2025, indicating potential chaining with CVE-2025-47812.

    First reported: 16.03.2026 20:00
    1 source, 1 article
  • CISA added CVE-2025-47813 to its catalog of actively exploited vulnerabilities and gave Federal Civilian Executive Branch (FCEB) agencies two weeks to secure their systems.

    First reported: 16.03.2026 20:00
    1 source, 1 article