- CISA adds Wing FTP server bug (CVE-2025-47813) to KEV catalog
- Medium severity flaw leaks server routes and is exploited in chained attacks
- Federal agencies ordered to apply patches by March 30 or suspend their use
The US Cybersecurity and Infrastructure Security Agency (CISA) added a new bug to its catalog of known exploited vulnerabilities (KEV), warning US federal agencies of ongoing attacks and urging them to fix it immediately.
The organization added CVE-2025-47813, a bug found in the Wing FTP server, to KEV.
Wing FTP Server is a cross-platform file transfer server used to securely share and manage files, similar to MOVEit or GoAnywhere Managed File Transfer (MFT) solutions. According to its website, it is used by companies such as US Air Force, Airbus, PakGazette and Sony.
Proof of concept
The bug is described as an “information disclosure vulnerability” that can expose sensitive data in error messages. It happens because the application incorrectly handles a long UID cookie value, resulting in an error message that reveals the full local installation path of the server.
It was assigned a severity score of 4.3/10 (medium). It is therefore not the most critical bug, but it can be used for reconnaissance and chained with other bugs to launch more serious attacks. In fact, this is exactly what is happening in the wild right now.
According to BleepingComputer, security researcher Julien Ahrens shared proof-of-concept (PoC) exploit code in the summer of 2025, emphasizing that attackers were chaining it with a separate bug, tracked as CVE-2025-47812.
The bug affects all versions of the Wing FTP server prior to 7.4.4 and was fixed in May 2025. The same fix addressed two additional bugs: a critical remote code execution (RCE) vulnerability tracked as CVE-2025-57812 and an information disclosure flaw tracked as CVE-2025-27889.
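A defender can check for both conditions described above: an unpatched version and the oversized-UID-cookie pattern with a path leaking back in the response. The following is an added example, not code from the article, the researcher or the vendor; the JSON log layout, the field names, the `MAX_UID_LEN` threshold and the sample records are assumptions constructed for illustration.

```python
import json
import re

FIXED_VERSION = (7, 4, 4)   # from the article: versions prior to 7.4.4 are affected
MAX_UID_LEN = 128           # assumption: tune to the longest UID your server issues

# Absolute Windows or Unix path, as would appear in a leaked install location.
PATH_RE = re.compile(r"(?:[A-Za-z]:\\[^\s\"'<>]+|/(?:opt|usr|home|var|srv)/[^\s\"'<>]+)")
UID_RE = re.compile(r"(?:^|;\s*)UID=([^;]*)")

def is_vulnerable(version: str) -> bool:
    """True if a dotted version string is older than 7.4.4."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (3 - len(parts))   # pad "7.4" to (7, 4, 0)
    return parts < FIXED_VERSION

def triage(record: dict) -> list[str]:
    """Return the reasons a log record looks like a path-disclosure probe."""
    reasons = []
    m = UID_RE.search(record.get("cookie", ""))
    if m and len(m.group(1)) > MAX_UID_LEN:
        reasons.append(f"oversized UID cookie ({len(m.group(1))} chars)")
    leak = PATH_RE.search(record.get("resp_body", ""))
    if leak:
        reasons.append(f"absolute path in response: {leak.group(0)}")
    return reasons

# Constructed sample records (hypothetical reverse-proxy JSON log, not a Wing FTP format).
SAMPLE_LOG = [
    json.dumps({"src": "198.51.100.7", "cookie": "UID=" + "A" * 400,
                "resp_body": "error in file C:\\Program Files\\ExampleFTP\\session"}),
    json.dumps({"src": "192.0.2.10", "cookie": "UID=3f9c2a77d1", "resp_body": "OK"}),
]

def scan(lines):
    """Map source address -> reasons, for records with at least one hit."""
    hits = {}
    for line in lines:
        rec = json.loads(line)
        reasons = triage(rec)
        if reasons:
            hits[rec["src"]] = reasons
    return hits

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE_LOG).items():
        print(src, "->", "; ".join(reasons))
    print("7.4.3 vulnerable:", is_vulnerable("7.4.3"))
```

A source that trips both reasons on a server still below 7.4.4 is worth treating as reconnaissance ahead of a chained attack rather than as noise.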
Now, Federal Civilian Executive Branch (FCEB) agencies have two weeks to patch the software, a period that expires on March 30. Alternatively, they may stop using the product altogether.
“This type of vulnerability is a frequent attack vector for malicious cyberattacks and poses significant risks to the federal enterprise,” CISA said. “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are not available.”




