Overview
- CISA listed CVE-2025-47813 in its Known Exploited Vulnerabilities catalog and required Federal Civilian Executive Branch agencies to remediate by March 30, 2026 under BOD 22-01.
- The flaw discloses the server's full local installation path when an overlong UID cookie is sent to the /loginok.html endpoint; it affects Wing FTP Server versions up to and including 7.4.3.
- Wing FTP Server version 7.4.4, released in May 2025, patches the issue, and researcher Julien Ahrens published a proof-of-concept demonstrating the path disclosure.
- Reports note evidence of in-the-wild exploitation, though public details on current tactics or routine chaining with other bugs have not been disclosed.
- Security teams are warned the leak can facilitate exploitation of the previously abused remote code execution bug CVE-2025-47812, and all organizations are urged to apply vendor fixes.
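
For teams checking whether this was attempted against them before patching, the following is an added example, not code from CISA, the vendor or the researcher. It flags requests to /loginok.html whose UID cookie is unusually long. The JSON log format, its field names (ts, src, path, cookie) and the 128-character threshold are assumptions; adapt them to whatever your reverse proxy or WAF actually records.

```python
import json
from urllib.parse import urlsplit

TARGET_PATH = "/loginok.html"  # endpoint named on this page
UID_MAX_LEN = 128  # assumed threshold: set it from normal UID lengths in your own logs

def uid_values(cookie_header):
    """Return every UID cookie value found in a raw Cookie header."""
    values = []
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == "UID":
            values.append(value)
    return values

def find_overlong_uid(log_lines, max_len=UID_MAX_LEN):
    """Return one finding per request to TARGET_PATH with a UID longer than max_len."""
    findings = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip unparseable lines instead of aborting the hunt
        if not isinstance(rec, dict):
            continue
        # Ignore the query string and letter case so request variants still match.
        path = urlsplit(str(rec.get("path", ""))).path.lower()
        if path != TARGET_PATH:
            continue
        longest = max((len(v) for v in uid_values(str(rec.get("cookie", "")))), default=0)
        if longest > max_len:
            findings.append({"ts": rec.get("ts"), "src": rec.get("src"), "uid_len": longest})
    return findings

# Constructed sample records (hypothetical proxy log, documentation IP ranges).
SAMPLE_LOG = [
    json.dumps({"ts": "2026-03-01T10:00:00Z", "src": "192.0.2.10", "path": "/loginok.html", "cookie": "UID=" + "a" * 32}),
    json.dumps({"ts": "2026-03-01T10:05:00Z", "src": "198.51.100.7", "path": "/loginok.html?x=1", "cookie": "UID=" + "A" * 4000}),
    json.dumps({"ts": "2026-03-01T10:06:00Z", "src": "198.51.100.7", "path": "/main.html", "cookie": "UID=" + "A" * 4000}),
    "truncated line, not JSON",
    json.dumps({"ts": "2026-03-01T10:09:00Z", "src": "203.0.113.5", "path": "/LoginOK.html", "cookie": "lang=en; UID=" + "B" * 600}),
]

if __name__ == "__main__":
    for finding in find_overlong_uid(SAMPLE_LOG):
        print(finding)
```

A hit shows that an oversized UID was sent, not that the path was returned; where the proxy also logs response bodies or sizes, review those for the same requests.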