How severe is CVE-2025-47813?

CVE-2025-47813 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2025-47813

Name: wing_ftp_server
Author: wftpserver

4.3MEDIUM

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

公開日: 7/10/2025更新日: 7/17/2025

CISA既知の悪用された脆弱性

Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.

必要な対応:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

期限:

2026-03-30

説明

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

AI分析AIによる分析

影響を受ける製品

wftpserverwing_ftp_server

参照

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt
ExploitThird Party Advisory
https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
ExploitThird Party Advisory
https://www.wftpserver.com
Broken Link
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt
ExploitThird Party Advisory