Your internal file transfer paths are being leaked to unauthenticated scanners. 🛡️
CVE-2025-47813 · Severity Medium · Active Exploitation in Wing FTP Server.
The @[CISA](urn:li:organization:13010360) has added an information disclosure vulnerability in Wing FTP Server to its Known Exploited Vulnerabilities catalog today. This flaw allows an unauthenticated attacker to leak the installation path and configuration data of the server through crafted requests.
While the severity is rated as medium‚ this vulnerability is a high-value P2 selection because it is a critical prerequisite for advanced path traversal and RCE attacks. Attackers are currently scanning for exposed Wing FTP instances to map internal directories before launching destructive secondary payloads.
The uncomfortable truth: Small information leaks in your perimeter services are the primary building blocks for large-scale administrative takeovers.
→ Update Wing FTP Server to the latest security release immediately to prevent directory leakage.
→ Strictly restrict management and FTP ports to known internal IP ranges using a firewall.
→ Audit server logs for anomalous GET requests targeting system-level configuration files.
#Cybersecurity #Infosec #PatchManagement #CISO #CodeDefence