CISA, the U.S. Cybersecurity and Infrastructure Security Agency, has added a medium-severity vulnerability in Wing FTP (CVE-2025-47813) to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The flaw is an information disclosure issue that leaks the installation path under certain conditions. Versions up to and including 7.4.3 are affected, and a fix was released in 7.4.4 following responsible disclosure by RCE Security researcher Julien Ahrens.
The same release also patches CVE-2025-47812, a separate critical remote code execution bug in the product, which, according to details from Huntress, has been exploited in the wild since July 2025. Exploitation of the information disclosure flaw involves the "/loginok[.]html" endpoint not properly validating the UID cookie, which allows an attacker to obtain the local server path and potentially facilitates further exploitation. Federal Civilian Executive Branch agencies are urged to apply the fixes by 30 March 2026.