CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
Summary
CISA has added a medium-severity vulnerability in Wing FTP Server to its Known Exploited Vulnerabilities catalog. This flaw, CVE-2025-47813, is an information disclosure vulnerability that allows attackers to discover the server's installation path under specific circumstances.
IFF Assessment
FOE
The vulnerability allows attackers to gather information about the server's configuration, which can be a precursor to further exploitation.
Severity
4.3
Medium
Defender Context
This advisory highlights the importance of patching and monitoring for exploitable vulnerabilities, even those with medium severity. Defenders should prioritize patching Wing FTP Server instances and be vigilant for reconnaissance activities that might indicate attackers are probing for this vulnerability.