ACCORDING to CISA, the Known Exploited Vulnerabilities (KEV) Catalog lists Wing FTP Server under CVE-2025-47813 as an information disclosure vulnerability where a long value in the UID cookie can cause an error message to reveal sensitive information. The entry notes CWE-209 in relation to the vulnerability.
It also states that the vulnerability is currently Unknown in terms of being used in ransomware campaigns, with recommended actions including applying mitigations per vendor instructions, following the guidance for cloud services under BOD 22-01, or discontinuing use of the product if mitigations are unavailable. The page shows this as a single entry, with the Date Added of 16 March 2026 and a Due Date of 30 March 2026.
The KEV catalog provides downloadable formats and guidance for prioritising vulnerability management, and this particular item is associated with Wing FTP Server.