Vulnerability Management, Patch/Configuration Management

CISA warns of actively exploited Wing FTP Server vulnerability

Bleeping Computer reports that CISA has alerted U.S. government agencies to secure their Wing FTP Server instances against a critical vulnerability, CVE-2025-47813, which is being actively exploited and could lead to remote code execution attacks.

The vulnerability allows low-privileged attackers to discover the full local installation path of the Wing FTP Server software. This flaw can be chained with another critical remote code execution vulnerability, CVE-2025-47812, and an information disclosure flaw, CVE-2025-27889, which can be used to steal user passwords. Wing FTP Server is used by over 10,000 customers globally, including major organizations. The vulnerability was patched in version 7.4.4, released in May 2025. Proof-of-concept exploit code for CVE-2025-47813 was released in June.

CISA has added CVE-2025-47813 to its catalog of actively exploited vulnerabilities, requiring federal agencies to apply mitigations within two weeks under Binding Operational Directive 22-01. While the directive specifically targets federal agencies, CISA strongly encourages all organizations, including those in the private sector, to patch their Wing FTP Server instances promptly to protect against ongoing attacks and potential data breaches.

Source: Bleeping Computer
