Exposures › CVE-2025-47813
Wing FTP Server exposes sensitive data via UID cookie error messages when misconfigured, enabling information disclosure.
The vulnerability allows attackers to extract sensitive information from error messages when a long UID cookie value is used, creating a significant risk for organizations relying on Wing FTP for secure file transfers. This information disclosure can aid attackers in reconnaissance or credential harvesting, potentially leading to further compromise of FedRAMP or NIST 800-171 systems. DIB organizations must immediately patch or disable the affected server generation to prevent data leakage.
Shame score — The vulnerability is a known information disclosure issue that was actively exploited but does not involve remote code execution or zero-day exploitation.
Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
No correlated FedRAMP products.