CISA Flags Actively Exploited Wing FTP Info Leak Patch
⚠️ CISA has added a medium-severity information-disclosure bug, CVE-2025-47813, affecting Wing FTP to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The flaw can leak the application's installation path when a long value is supplied in the UID session cookie and impacts versions up to 7.4.3. Vendor fixes were released in May with Wing FTP 7.4.4, which also addresses a separate critical RCE (CVE-2025-47812). Federal agencies are advised to apply updates by March 30, 2026.
