Ethical Hacking News
CISA has warned about a critical vulnerability in Wing FTP Server that is being actively exploited by attackers. Users are advised to patch their servers immediately to protect against this emerging threat.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability in Wing FTP Server. The vulnerability, tracked as CVE-2025-47813, allows attackers to steal user passwords on unpatched servers. CISA urges all defenders to patch their servers against ongoing attacks as soon as possible. Users of Wing FTP Server are advised to prioritize their security and take immediate action to patch any unpatched servers. CISA's warning highlights the importance of timely patching and software updates to protect against emerging cyber threats.
CISA, or the Cybersecurity and Infrastructure Security Agency, has issued a warning about an actively exploited vulnerability in Wing FTP Server, a cross-platform FTP server software that provides secure file transfer via its built-in SFTP and web servers. According to Sergiu Gatlan, a news reporter who has covered the latest cybersecurity developments for over a decade, CISA flags this specific flaw as actively exploited in attacks.
The Wing FTP Server flaw, tracked as CVE-2025-47813, allows threat actors with low privileges to discover the full local installation path of the application on unpatched servers. This vulnerability is particularly concerning because it can be used by attackers to steal a user's password, posing significant risks to the federal enterprise. CISA has warned that this type of vulnerability is a frequent attack vector for malicious cyber actors and urges all defenders, including those in the private sector, to patch their servers against ongoing attacks as soon as possible.
The development of this vulnerability is attributed to Wing FTP Server v7.4.4, which was patched in May 2025. However, it appears that some users have not yet applied these patches, leaving them vulnerable to attack. CISA has advised Federal Civilian Executive Branch (FCEB) agencies to secure their systems within two weeks of receiving the warning.
In addition to the Wing FTP Server flaw, CISA has also identified other vulnerabilities in various products, including recently patched RoundCube flaws that are now exploited in attacks and a five-year-old GitLab flaw that is also being exploited. These warnings highlight the ongoing threat landscape and the importance of timely patching and software updates to protect against emerging cyber threats.
The use of Wing FTP Server has been widespread among various organizations, including the U.S. Air Force, Sony, Airbus, Reuters, and Sephora. The fact that this vulnerability is actively being exploited by attackers underscores the need for all users of Wing FTP Server to prioritize their security and take immediate action to patch any unpatched servers.
CISA's warning serves as a reminder of the importance of cybersecurity in today's digital landscape. As technology continues to evolve at an unprecedented rate, it is crucial that organizations stay vigilant and proactive in protecting themselves against emerging threats. By heeding CISA's warnings and taking prompt action, individuals and organizations can reduce their risk of falling victim to cyber attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Warns-of-Actively-Exploited-Wing-FTP-Server-Flaw-A-Threat-to-Secure-File-Transfer-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisa-flags-wing-ftp-server-flaw-as-actively-exploited-in-attacks/
https://cybersecuritynews.com/cisa-warns-of-wing-ftp-server-vulnerability/
https://nvd.nist.gov/vuln/detail/CVE-2025-47813
https://www.cvedetails.com/cve/CVE-2025-47813/
Published: Mon Mar 16 14:03:09 2026 by llama3.2 3B Q4_K_M
