PT-2025-27486 · Wing Ftp · Wing Ftp Server

Julien Ahrens · Published 2025-05-10 · Updated 2026-05-29 · CVE-2025-47813

CVSS v3.1

4.3 Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Wing FTP Server versions prior to 7.4.4

Description

Wing FTP Server contains an information disclosure issue in the loginok.html file. The vulnerability occurs when a long value is provided in the UID cookie. This allows a remote attacker to disclose the full local installation path of the application. This vulnerability is actively exploited in the wild and has been observed being chained with remote code execution exploits. Attackers have leveraged this vulnerability to download malicious Lua files and install Remote Monitoring and Management (RMM) tools. CISA has added this vulnerability, identified as CVE-2025-47813, to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch within a specified timeframe. The vulnerability is triggered by improper validation of the UID cookie value.

Recommendations

Update Wing FTP Server to version 7.4.4 or later.

Exploit

Fix

LPE

RCE

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

BDU:2025-08716
CVE-2025-47813

Affected Products

Wing Ftp Server