CVE-2025-47813
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
| CWE | CWE-209 |
| Vendor | wftpserver |
| Product | wing ftp server |
| Published | Jul 10, 2025 |
| Last Updated | Mar 17, 2026 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for wftpserver wing ftp server
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-47813.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
wftpserver / Wing FTP Server
0 < 7.4.4
References
wftpserver.com: https://www.wftpserver.com rcesecurity.com: https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ github.com: https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47813