CVE-2025-47813

CVSS v3.1

4.3

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Wing FTP Server versions prior to 7.4.4

Description: The

loginok.html

component in Wing FTP Server discloses the full local installation path of the application when a long value is used in the

UID

cookie. This allows an authenticated user to obtain sensitive information about the system.

Recommendations: Update to Wing FTP Server version 7.4.4 or later.

Exploit

Fix

RCE

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

BDU:2025-08716

CVE-2025-47813

Wing Ftp Server