CVE-2025-47813
MEDIUM | KEV | NUCLEI
Wing FTP Server < 7.4.4 - Information Disclosure via UID Cookie
Title source: llm
Exploitation Summary
CVE-2025-47813 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 16, 2026. A Nuclei detection template is also available.
Description
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
Nuclei Templates (1)
Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie
MEDIUM, by rcesecurity, pdteam
Shodan:
http.html_hash:2121146066 || http.favicon.hash:963565804 || title:"Wing FTP Server" || Server: Wing FTP Server
FOFA:
icon_hash="963565804" || title="Wing FTP Server"
References (4)
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47813
Exploit, Third Party Advisory
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt
Exploit, Third Party Advisory
https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
Broken Link
https://www.wftpserver.com
Scores
CVSS v3: 4.3
EPSS: 0.2530
EPSS Percentile: 96.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2026-03-16
VulnCheck KEV: 2026-03-16
ENISA EUVD: EUVD-2025-21020
CWE: CWE-209
Status: published
Products (2)
wftpserver/Wing FTP Server: < 7.4.4
wftpserver/wing_ftp_server: < 7.4.4
Published: Jul 10, 2025
KEV Added: Mar 16, 2026
Tracked Since: Feb 18, 2026