CVE-2025-47813

Warnung

Medienbericht

Exploit

EPSS 56.37%
Veröffentlicht 10.07.2025 00:00:00
Zuletzt bearbeitet 16.03.2026 20:20:49
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wftpserver ≫ Wing Ftp Server Version < 7.4.4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

16.03.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Wing FTP Server Information Disclosure Vulnerability

Schwachstelle

Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	56.37%	0.989

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@mitre.org	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

17.03.2026 22:19

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

17.03.2026 13:39

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

17.03.2026 11:03

https://www.wftpserver.com

Product

https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/

Third Party Advisory

Exploit

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt

Third Party Advisory

Exploit

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47813

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2025-47813

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-47813

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-47813

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-47813

16.03.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog