The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security vulnerability in the Wing FTP Server software to its catalog of known exploited flaws. The agency announced the inclusion on Monday, stating it possesses evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2025-47813, carries a medium-severity Common Vulnerability Scoring System (CVSS) score of 4.3. It is classified as an information disclosure flaw. Under specific conditions, this weakness can leak the full installation path of the Wing FTP application on a server.
Understanding the Vulnerability and Its Risks
While the CVSS score indicates a medium severity, the fact that CISA has placed it on the Known Exploited Vulnerabilities (KEV) list elevates its urgency. The KEV catalog highlights flaws that federal civilian agencies must patch on a mandated timeline due to active threats. For private sector organizations, it serves as a critical indicator of what attackers are currently targeting.
An exposed server path, while not directly enabling system takeover, provides attackers with valuable reconnaissance data. It helps map the server's directory structure, which may be leveraged in subsequent attacks, and knowledge of the exact installation path can aid in crafting more precise exploits for other potential vulnerabilities.
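To make the disclosure class concrete, the following added example (written for this article, not Wing FTP's code, and not a reproduction of CVE-2025-47813, whose trigger conditions the advisory does not describe) contrasts a file handler that echoes a raw exception to the client with a hardened one that logs the detail server-side and returns a fixed message. The install root `/opt/example-ftp-server` and the request names are constructed placeholders.

```python
import logging
import os

# Constructed, hypothetical install root standing in for a real server's
# installation directory; not a path from Wing FTP or from the advisory.
INSTALL_ROOT = "/opt/example-ftp-server"
DATA_DIR = os.path.join(INSTALL_ROOT, "data")

log = logging.getLogger("ftp.demo")


def _resolve(name: str) -> str:
    """Resolve a client-supplied name under DATA_DIR, refusing traversal."""
    candidate = os.path.realpath(os.path.join(DATA_DIR, name))
    if os.path.commonpath([candidate, DATA_DIR]) != DATA_DIR:
        raise PermissionError(f"refusing path outside data dir: {candidate}")
    return candidate


def leaky_handler(name: str) -> tuple:
    """Vulnerable pattern: the raw exception text, which embeds the absolute
    filesystem path, is echoed back to the client."""
    try:
        with open(_resolve(name), "rb") as fh:
            return 200, fh.read().decode("utf-8", "replace")
    except OSError as exc:
        # str(exc) for a missing file contains the full path under INSTALL_ROOT
        return 500, f"error: {exc}"


def hardened_handler(name: str) -> tuple:
    """Hardened pattern: detail goes to the server log only; the client gets
    a fixed message and a status code that reveals nothing about layout."""
    try:
        with open(_resolve(name), "rb") as fh:
            return 200, fh.read().decode("utf-8", "replace")
    except PermissionError:
        log.warning("rejected request for %r", name)
        return 403, "forbidden"
    except FileNotFoundError:
        log.info("missing file requested: %r", name)
        return 404, "not found"
    except OSError as exc:
        log.error("I/O failure for %r: %s", name, exc)
        return 500, "internal error"


def leaks_install_path(body: str) -> bool:
    """Response check of the kind a scanner or outbound response filter
    would apply: does the body contain the installation root?"""
    return INSTALL_ROOT in body


if __name__ == "__main__":
    for handler in (leaky_handler, hardened_handler):
        status, body = handler("does-not-exist.txt")
        print(handler.__name__, status, "leaks path:", leaks_install_path(body))
```

Both handlers reject traversal; the difference is entirely in what the error path tells the client. The `leaks_install_path` check is the same test a defender can run against an application's error responses to find this class of disclosure before an attacker does.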
Required Action for System Administrators
CISA’s binding operational directive requires all federal civilian executive branch agencies to apply the relevant security updates by a specified deadline. For CVE-2025-47813, the remediation deadline is set for April 28, 2025. Agencies must ensure the vulnerability is addressed by this date to maintain compliance.
Organizations outside the federal government are strongly advised to treat the KEV listing as a high-priority alert. Security teams using Wing FTP Server should immediately consult the vendor’s security advisories and apply any available patches or recommended workarounds. The standard security practice is to assume this flaw is being used in attacks and to act swiftly to mitigate the risk.
Broader Implications for Software Security
This event underscores the continuous need for proactive vulnerability management. Information disclosure flaws are sometimes underestimated but are frequently used as a stepping stone in broader attack chains. The active exploitation of a medium-severity path disclosure bug highlights that attackers will leverage any available advantage.
The Wing FTP Server is a popular file transfer solution used across various industries. Its compromise could affect a wide range of entities, from corporate data exchange platforms to internal network file servers. Ensuring these systems are patched is crucial for preventing data breaches and system intrusions.
Security researchers and vendors typically discover and patch such vulnerabilities before public disclosure. However, the addition to the KEV catalog confirms that malicious actors have now obtained and are using exploit code, making prompt, widespread patching an immediate defensive necessity.
Looking ahead, organizations should monitor for official patches from Wing FTP’s developer. System administrators are expected to apply updates as soon as they are tested and deemed stable for their environments. CISA and other security entities will likely continue to update the KEV catalog as the threat landscape evolves, guiding defenders on the most pressing vulnerabilities to address.
Source: Original agency announcement and CISA KEV catalog.