CVE-2025-47813: Wing FTP Server Information Disclosure Vulnerability
infovulnerability
security
Summary
Wing FTP Server has a vulnerability where error messages reveal sensitive information when users send an overly long value in the UID cookie (a small file that stores user identity data). This flaw is currently being actively exploited by attackers in real-world attacks.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.5%
Patch Available
Yes
Disclosure Date
March 15, 2026
Classification
Attack SophisticationTrivial
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-47813
First tracked: March 16, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%