Active Exploitation of Wing FTP Server Information Disclosure (CVE-2025-47813) Added to CISA KEV Catalog
What It Is — A critical information-disclosure flaw in Wing FTP Server (CVE-2025-47813) allows unauthenticated attackers to retrieve configuration files, user credentials, and potentially other sensitive data stored on the server.
Exploitability — CISA has confirmed active exploitation in the wild; a public proof-of-concept exists, and threat actors are leveraging the bug to harvest credentials and map internal networks. CVSS v3.1 is currently rated 7.8 (High).
Affected Products — Wing FTP Server 7.x-8.x (all supported editions). The product is widely used by managed service providers, SaaS platforms, and enterprises for legacy file-transfer workloads.
TPRM Impact —
- Third-party vendors that embed Wing FTP Server in their service stack inherit the exposure, creating a supply-chain risk for their customers.
- An information-disclosure breach can lead to credential leakage, enabling lateral movement into downstream systems and compromising data confidentiality across partner ecosystems.
Recommended Actions —
- Inventory all instances of Wing FTP Server across your organization and any third-party providers.
- Apply the vendor's patch (or upgrade to the latest major release) no later than the BOD 22-01 remediation deadline.
- Enforce network segmentation for FTP services and restrict access to trusted IP ranges.
- Monitor logs for anomalous file-download activity and for the indicators of compromise (IoCs) published by CISA.
- Validate third-party remediation through contractual clauses or security questionnaires.
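The log-monitoring step above, as an added Python example that is not part of this advisory or the vendor's tooling: it scans constructed sample lines in an assumed, simplified format (not Wing FTP Server's actual log syntax) and flags clients that download configuration-like files without an authenticated session or that exceed a download-count threshold.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical, simplified format (not Wing FTP's
# real log syntax): "<timestamp> <client_ip> <user> <event> <path>";
# "-" in the user column means no authenticated session.
SAMPLE_LOG = """\
2025-07-10T09:12:01Z 10.0.0.5 alice DOWNLOAD /reports/q2.xlsx
2025-07-10T09:12:03Z 198.51.100.7 - DOWNLOAD /app/config/users.xml
2025-07-10T09:12:04Z 198.51.100.7 - DOWNLOAD /app/config/settings.ini
2025-07-10T09:12:05Z 198.51.100.7 - DOWNLOAD /app/config/domains.xml
2025-07-10T09:13:00Z 10.0.0.9 bob DOWNLOAD /shared/invoice.pdf
2025-07-10T09:13:10Z 10.0.0.9 bob DOWNLOAD /shared/invoice2.pdf
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")
# Heuristic for paths that look like configuration or credential stores
# (assumed names; tune to the real install layout).
CONFIG_RE = re.compile(r"(config|settings|users|credential|password)|\.(ini|conf|xml)$", re.I)


def parse(log_text):
    """Yield (ip, user, event, path) per well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _ts, ip, user, event, path = m.groups()
            yield ip, user, event, path


def find_suspicious(log_text, max_downloads=5):
    """Return {ip: [reasons]} for clients with anomalous download activity:
    any config-like path fetched without an authenticated user, or more than
    max_downloads downloads within the log window."""
    downloads = defaultdict(int)
    unauth_config = defaultdict(list)
    for ip, user, event, path in parse(log_text):
        if event != "DOWNLOAD":
            continue
        downloads[ip] += 1
        if user == "-" and CONFIG_RE.search(path):
            unauth_config[ip].append(path)
    alerts = {}
    for ip, count in downloads.items():
        reasons = []
        if unauth_config[ip]:
            reasons.append("unauthenticated config-like downloads: " + ", ".join(unauth_config[ip]))
        if count > max_downloads:
            reasons.append(f"{count} downloads exceeds threshold {max_downloads}")
        if reasons:
            alerts[ip] = reasons
    return alerts


if __name__ == "__main__":
    for ip, reasons in find_suspicious(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```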