COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-47813

CVE-2025-47813

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-03-16
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-47813
⌖ exploited in the wild shame 45/100 exploited-in-wildinformation-disclosureunpatched

Wing FTP Server exposes sensitive data via UID cookie error messages when misconfigured, enabling information disclosure.

The vulnerability allows attackers to extract sensitive information from error messages when a long UID cookie value is used, creating a significant risk for organizations relying on Wing FTP for secure file transfers. This information disclosure can aid attackers in reconnaissance or credential harvesting, potentially leading to further compromise of FedRAMP or NIST 800-171 systems. DIB organizations must immediately patch or disable the affected server generation to prevent data leakage.

Shame score — The vulnerability is a known information disclosure issue that was actively exploited but does not involve remote code execution or zero-day exploitation.

Players implicated

Wing FTP Server · vendorWing FTP Server · product

Description

Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.