CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Mar 30, 2026
Description
Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
EPSS — Exploit Probability
Higher than 95.5% of all CVEs
Required Action
https://www.wftpserver.com/serverhistory.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-47813
Related Articles (4)
CISA Flags Year-Old Wing FTP Vulnerability as Exploited
Tracked as CVE-2025-47813, the flaw leads to the disclosure of the full local installation path of the application.
Mar 17, 2026
CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
CISA adds Wing FTP CVE-2025-47813 to KEV after active exploitation, exposing server paths and aiding attacks; patch by March 30, 2026.
Mar 17, 2026
CISA Adds One Known Exploited Vulnerability to Catalog
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Mar 16, 2026
CISA flags Wing FTP Server flaw as actively exploited in attacks
CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks.
Mar 16, 2026
Risk Assessment
ELEVATEDDetails
- Severity
- High
- EPSS
- 20.4%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 4
Timeline
Published
Mar 16, 2026
Added to KEV
Mar 16, 2026
Remediation Due
Mar 30, 2026