{"id":288,"date":"2026-03-17T06:31:18","date_gmt":"2026-03-17T06:31:18","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=288"},"modified":"2026-03-17T06:31:18","modified_gmt":"2026-03-17T06:31:18","slug":"cisa-flags-actively-exploited-wing-ftp-vulnerability-leaking-server-paths","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=288","title":{"rendered":"CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span><span class=\"author\">Mar 17, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Monday <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/03\/16\/cisa-adds-one-known-exploited-vulnerability-catalog\" rel=\"noopener\" target=\"_blank\">added<\/a> a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" rel=\"noopener\" target=\"_blank\">KEV<\/a>) catalog, citing evidence of active exploitation.<\/p>\n<p>The vulnerability, <strong>CVE-2025-47813<\/strong> (CVSS score: 4.3), is an information disclosure vulnerability that leaks the installation path of the application under certain conditions.<\/p>\n<p>\"Wing FTP Server contains a generation of error messages containing sensitive information vulnerability when using a long value in the UID cookie,\" CISA said.<\/p>\n<p>The shortcoming affects all versions of the software prior to and including version 7.4.3. The issue was addressed in version 7.4.4, shipped in May following a responsible disclosure by RCE Security researcher Julien Ahrens.<\/p>\n<p>It&#8217;s worth noting that version 7.4.4 also patches CVE-2025-47812 (CVSS score: 10.0), another <a href=\"https:\/\/www.rcesecurity.com\/2025\/06\/what-the-null-wing-ftp-server-rce-cve-2025-47812\/\" rel=\"noopener\" target=\"_blank\">critical bug in the same product<\/a> that allows for 
remote code execution. That vulnerability had come under active exploitation in the wild as of July 2025.<\/p>\n<p>According to details shared by Huntress at the time, attackers leveraged it to download and execute malicious Lua files, conduct reconnaissance, and install remote monitoring and management software.<\/p>\n<p>Ahrens, in a proof-of-concept (PoC) exploit shared on GitHub, noted that the endpoint at \"\/loginok.html\" does not properly validate the value of the \"UID\" session cookie. As a result, if the supplied value is longer than the maximum path size of the underlying operating system, it triggers an error message that discloses the full local server path.<\/p>\n<p>\"Successful exploits can allow an authenticated attacker to get the local server path of the application, which can help in exploiting vulnerabilities like CVE-2025-47812,\" the researcher <a href=\"https:\/\/github.com\/MrTuxracer\/advisories\/blob\/master\/CVEs\/CVE-2025-47813.txt\" rel=\"noopener\" target=\"_blank\">added<\/a>.<\/p>\n<p>There are currently no details on how the vulnerability is being exploited in the wild, or whether it&#8217;s being abused in conjunction with CVE-2025-47812. In light of the latest development, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by March 30, 2026.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Ravie Lakshmanan, Mar 17, 2026. Vulnerability \/ Network Security. The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities&hellip;<\/p>\n","protected":false},"author":1,"featured_media":289,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[201,62,128,542,703,704,705,518,68,702],"class_list":["post-288","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-actively","tag-cisa","tag-exploited","tag-flags","tag-ftp","tag-leaking","tag-paths","tag-server","tag-vulnerability","tag-wing"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=288"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/288\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/289"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}