CISA has issued an urgent warning about a critical vulnerability in Wing FTP Server that is now being actively exploited. The flaw has been added to the Known Exploited Vulnerabilities (KEV) catalog, confirming that attackers are already using it in real-world scenarios.
This is a strong signal for organizations to act immediately. Systems exposed to the internet, especially file transfer servers, are high-value targets because they often handle sensitive business data and provide a direct entry point into internal networks.
Technical Details and Mitigation Steps
The vulnerability, tracked as CVE-2025-47813, is an information disclosure issue caused by improper handling of user-supplied input. Specifically, when an attacker sends an unusually large value in the UID cookie, the server does not handle the oversized value gracefully and instead returns detailed error messages to the client.
These error responses can unintentionally reveal internal system details such as file paths, configuration values, or backend logic. While this does not directly allow code execution, it significantly lowers the barrier for attackers by giving them insight into how the system works, which can be used to plan targeted attacks or bypass protections.
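The oversized UID cookie described above is something a defender can look for in front-end proxy or access logs while patching is scheduled. The script below is an added example, not code from CISA, the vendor, or the article: it parses a constructed log layout, measures the UID cookie value on each request, and flags requests above a length threshold. The threshold and the log format are assumptions, since the article gives no size for "unusually large"; tune both to what your own logs show.

```python
import re
from typing import Dict, Iterable, List

# The article only says the UID cookie value was "unusually large"; the byte
# threshold below is an assumption and should be tuned to normal sizes seen
# in your own logs.
MAX_UID_LEN = 256

def uid_cookie_length(cookie_header: str) -> int:
    """Length of the UID cookie value in a raw Cookie header, 0 if absent."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name.strip() == "UID":
            return len(value.strip())
    return 0

# Constructed log layout (not Wing FTP Server's own format):
#   <client_ip> "<METHOD> <path>" <status> "<Cookie header>"
LOG_RE = re.compile(r'^(\S+) "(\S+) (\S+)" (\d{3}) "(.*)"$')

def flag_oversized_uid(lines: Iterable[str], max_len: int = MAX_UID_LEN) -> List[Dict]:
    """Return one record per request whose UID cookie value exceeds max_len."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed layout
        ip, method, path, status, cookies = m.groups()
        n = uid_cookie_length(cookies)
        if n > max_len:
            hits.append({
                "ip": ip, "method": method, "path": path,
                "status": int(status), "uid_len": n,
                # A 5xx on the same request is the stronger signal that a
                # verbose error body may have been returned to the client.
                "server_error": status.startswith("5"),
            })
    return hits

# Constructed sample lines: a normal session, an oversized UID answered with
# a 500, and an oversized UID answered with a 200.
SAMPLE_LOG = [
    '10.0.0.5 "GET /login" 200 "UID=abc123; lang=en"',
    '198.51.100.7 "GET /" 500 "UID=' + "A" * 4000 + '"',
    '198.51.100.7 "GET /" 200 "lang=en; UID=' + "B" * 300 + '"',
]

if __name__ == "__main__":
    for hit in flag_oversized_uid(SAMPLE_LOG):
        print(hit)
```

Feed the function real proxy log lines (after adapting LOG_RE to their layout) and review any hits from before the patch date alongside the corresponding server responses.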
Because this vulnerability is now listed in the KEV catalog, it is confirmed to be under active exploitation, increasing the urgency for remediation.
Organizations should take the following actions without delay:
- Apply the latest security patches or updates provided by the vendor
- Review and follow infrastructure security guidance for exposed services
- Avoid processing untrusted input without proper validation and error handling
- Temporarily disable or restrict access to the server if patching is not possible
Federal agencies are expected to address this issue within a strict timeline, and private organizations are strongly advised to follow the same urgency.
Overall, even though this is categorized as an information disclosure flaw, its real risk lies in enabling deeper, more targeted attacks. Immediate patching, proper input handling, and limiting exposure are essential to reducing the attack surface.