Information Disclosure in Wing FTP Server by Wing FTP Software
CVE-2025-47813

4.3MEDIUM

Key Information:

Vendor: Wftpserver
Status: Wing Ftp Server
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-47813?

A vulnerability in the loginok.html file of Wing FTP Server allows attackers to disclose the full local installation path of the application when a long value is provided in the UID cookie. This could potentially expose sensitive information that may assist adversaries in launching further attacks against the server. Users of affected versions should consider upgrading to version 7.4.4 or later to mitigate this risk.

Affected Version(s)

Wing FTP Server 0 < 7.4.4

References

https://www.wftpserver.com

https://www.rcesecurity.com/2025/06/what-the-null-wing-ft...

https://github.com/MrTuxracer/advisories/blob/master/CVEs...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
May 10, 2025

Wftpserver

What is CVE-2025-47813?

Affected Version(s)

References

CVSS V3.1

Timeline