CVE-2025-47813
MEDIUM KEV NUCLEIWftpserver Wing FTP Server < 7.4.4 - Error Information Exposure
Title source: ruleDescription
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
Nuclei Templates (1)
Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie
MEDIUMby rcesecurity,pdteam
Shodan:
http.html_hash:2121146066 || http.favicon.hash:963565804 || title:"Wing FTP Server" || Server: Wing FTP Server
FOFA:
icon_hash="963565804" || title="Wing FTP Server"
Scores
CVSS v3
4.3
EPSS
0.2286
EPSS Percentile
95.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CISA KEV
2026-03-16
VulnCheck KEV
2026-03-16
ENISA EUVD
EUVD-2025-21020
CWE
CWE-209
Status
published
Products (2)
wftpserver/Wing FTP Server
< 7.4.4
wftpserver/wing_ftp_server
< 7.4.4
Published
Jul 10, 2025
KEV Added
Mar 16, 2026
Tracked Since
Feb 18, 2026