CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
EXECUTIVE SUMMARY
CISA Highlights Exploited Wing FTP Vulnerability in KEV Catalog
Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a medium-severity vulnerability in Wing FTP that is being actively exploited. The vulnerability, tracked as CVE-2025-47813, is an information disclosure flaw that could leak server installation paths.
Key Points
- CISA added the Wing FTP vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on Monday.
- The vulnerability is identified as CVE-2025-47813 with a CVSS score of 4.3.
- It is classified as an information disclosure vulnerability that leaks the installation path of the application.
- There is evidence of active exploitation of this vulnerability.
Analysis
The inclusion of this vulnerability in CISA's KEV catalog underscores its potential impact despite its medium severity rating. Active exploitation suggests that attackers are using the flaw to learn server installation paths, which could be a precursor to more severe attacks. IT professionals should prioritize understanding and mitigating this vulnerability to protect their systems.
Conclusion
IT professionals should promptly check their systems for Wing FTP and apply the necessary patches or mitigations for CVE-2025-47813. Monitoring for unusual activity related to server paths is also recommended to prevent potential exploitation.