CISA Issues Alert on Wing FTP Server Vulnerability Used in Attacks
The Cybersecurity and Infrastructure SecurityAgency (CISA) has issued an urgent security alert regarding a critical vulnerability in the Wing FTP Server software.
CISA formally added this severe flaw to its Known Exploited Vulnerabilities (KEV) catalog on March 16, 2026. This addition serves as a definitive warning that cybercriminals are actively exploiting the bug in live attacks.
Organizations relying on this software must act immediately to secure their file transfer infrastructure.
Understanding CVE-2025-47813
Tracked as CVE-2025-47813, this flaw is categorized as an information disclosure vulnerability. It impacts the Wing FTP Server’s handling of specific user inputs, specifically when an attacker submits an exceptionally long value within the UID cookie of a server request.
During processing, the server fails to handle this oversized cookie value gracefully, generating a detailed error message. This message inadvertently exposes sensitive system information directly to the attacker.
This weakness falls under CWE-209, which pertains to error messages containing sensitive data. While information disclosure may seem less destructive than remote code execution, it provides hackers with a crucial blueprint of the server’s internal architecture.
Attackers can leverage these exposed details to bypass security measures and launch more severe, targeted attacks against the network.
Given that CISA has added this vulnerability to the KEV catalog, it is confirmed that threat actors are actively weaponizing it in the wild. File transfer servers like Wing FTP are prime targets due to their role in handling sensitive corporate data and their position at the network’s edge.
CISA uses the KEV catalog as an official resource to help organizations manage and prioritize their vulnerability patching efforts.
To mitigate CVE-2025-47813 risks, CISA mandates the following actions for network administrators:
- Apply the latest security patches or mitigations exactly as directed by the software vendor.
- Follow guidance outlined in Binding Operational Directive (BOD) 22-01 for cloud services and network infrastructure.
- Discontinue use of Wing FTP Server entirely if proper mitigations or patches are unavailable.
Federal agencies must implement these fixes by March 30, 2026. Private enterprises and security teams are strongly encouraged to meet this same deadline to safeguard their data and network integrity from ongoing exploitation.