
CISA Flags Wing FTP Server CVE-2025-47813 as Actively Exploited, Urges Immediate Patching

CISA added CVE‑2025‑47813 in Wing FTP Server to its actively exploited catalog, warning federal and private entities to patch the flaw that reveals installation paths and can be chained with a remote‑code‑execution bug. The vulnerability affects thousands of customers, including government and enterprise users, creating a high‑risk third‑party exposure.

🛡️ LiveThreat™ Intelligence · 📅 March 16, 2026 · 📰 bleepingcomputer.com

Severity: High · Type: Vulnerability · Confidence: High · Affected: 5 sector(s) · Actions: 4 recommended · Source: bleepingcomputer.com

CISA Flags Wing FTP Server Flaw as Actively Exploited, Prompting Immediate Patch Across Federal and Private Sectors

What Happened – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE‑2025‑47813 in Wing FTP Server to its catalog of actively exploited vulnerabilities. The flaw discloses the full local installation path to low‑privileged attackers and can be chained with a remote‑code‑execution bug (CVE‑2025‑47812) to achieve full system compromise.

Why It Matters for TPRM

  • Exploitation can lead to credential theft, data exfiltration, or service disruption for any organization running the vulnerable FTP server.
  • The product is used by high‑profile customers (U.S. Air Force, Sony, Airbus, Reuters, Sephora), meaning many third‑party relationships may inherit the risk.
  • CISA’s directive gives federal agencies two weeks to remediate, signalling imminent pressure on vendors and their downstream partners.

Who Is Affected – Government agencies, aerospace & defense contractors, media companies, retail brands, and any enterprise that relies on Wing FTP Server for file transfer.

Recommended Actions

  • Verify version; upgrade immediately to Wing FTP Server v7.4.4 or later.
  • Conduct an inventory of all FTP/SFTP services to confirm no unpatched instances remain.
  • Review firewall and network segmentation to limit exposure of FTP ports.
  • If mitigation is unavailable, consider de‑commissioning the product.
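
One way to run the version and inventory checks above against an asset list, as an added example that is not part of the original brief or of any vendor tooling. The CSV column names, host names and sample rows are constructed assumptions; only the 7.4.4 upgrade target comes from this page.

```python
import csv
import io
import re

FIXED = (7, 4, 4)  # upgrade target named in this brief

# Constructed sample inventory; column names are assumptions, not a vendor export format.
SAMPLE_INVENTORY = """host,product,version,internet_facing
ftp01.example.internal,Wing FTP Server,7.4.3,yes
ftp02.example.internal,Wing FTP Server,v7.4.4,no
xfer.example.internal,wing ftp server,,yes
sftp03.example.internal,OpenSSH,9.6,yes
ftp04.example.internal,Wing FTP Server,7.3.9,no
ftp05.example.internal,Wing FTP Server,7.10.0,yes
"""

def parse_version(text):
    """Return a numeric tuple for strings like 'v7.4.3', or None if unparseable."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", text or "", re.IGNORECASE)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '7.4' to (7, 4, 0)

def triage(inventory_csv):
    """Classify Wing FTP Server hosts as VULNERABLE, UNKNOWN or PATCHED."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "wing ftp" not in row["product"].lower():
            continue  # other FTP/SFTP products are out of scope for this check
        version = parse_version(row["version"])
        if version is None:
            status = "UNKNOWN"  # no usable version recorded: verify by hand
        elif version < FIXED:   # numeric compare, so 7.10.0 is not below 7.4.4
            status = "VULNERABLE"
        else:
            status = "PATCHED"
        exposed = row["internet_facing"].strip().lower() == "yes"
        findings.append((row["host"], status, exposed))
    # Unpatched first, then unknown; internet-facing hosts ahead of internal ones.
    order = {"VULNERABLE": 0, "UNKNOWN": 1, "PATCHED": 2}
    return sorted(findings, key=lambda f: (order[f[1]], not f[2], f[0]))

if __name__ == "__main__":
    for host, status, exposed in triage(SAMPLE_INVENTORY):
        print(f"{status:<10} {'exposed ' if exposed else 'internal'} {host}")
```

Hosts reported as UNKNOWN have no parseable version in the inventory and should be checked directly rather than assumed patched.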

Technical Notes – The vulnerability (CVE‑2025‑47813) is an information‑disclosure flaw triggered by a long UID cookie value, revealing the installation path. It is typically leveraged alongside CVE‑2025‑47812 (critical RCE) and CVE‑2025‑27889 (password‑stealing). No public data breach has been reported, but active exploitation is confirmed. Source: BleepingComputer

📰 Original Source
https://www.bleepingcomputer.com/news/security/cisa-flags-wing-ftp-server-flaw-as-actively-exploited-in-attacks/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
