4.3
CVE-2025-47813
- EPSS 25.47%
- Veröffentlicht 10.07.2025 00:00:00
- Zuletzt bearbeitet 16.03.2026 20:20:49
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Wftpserver ≫ Wing Ftp Server Version < 7.4.4
16.03.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Wing FTP Server Information Disclosure Vulnerability
SchwachstelleWing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 25.47% | 0.962 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.