Path Disclosure via Long UID Cookie in Wing FTP Server <=7.4.3
CVE-2025-47813 Published on July 10, 2025

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.


Known Exploited Vulnerability

This Wing FTP Server Information Disclosure Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Wing FTP Server generates an error message containing sensitive information when a long value is used in the UID cookie.

The following remediation steps are recommended / required by March 30, 2026: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weakness Type

Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.


Products Associated with CVE-2025-47813


Affected Versions

wftpserver Wing FTP Server:

Exploit Probability

EPSS: 25.47%
Percentile: 96.22%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.