CVE-2025-47813
4.3MEDIUMloginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
Veröffentlicht: 7/10/2025Aktualisiert: 7/17/2025
CISA Bekannte Ausgenutzte Schwachstelle
Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
Erforderliche Maßnahme:
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Fälligkeitsdatum:
2026-03-30
Beschreibung
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
KI-AnalyseKI-gestützt
Betroffene Produkte
wftpserverwing_ftp_server
Referenzen
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txtExploitThird Party Advisory
- https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ExploitThird Party Advisory
- https://www.wftpserver.comBroken Link
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txtExploitThird Party Advisory