External risk intelligence

Wing FTP Server Information Disclosure Vulnerability.

CVE advisory | Known Exploit

CVE-2025-47813

Wing FTP Server may disclose its local installation path via a specific cookie input. This information could help attackers understand the environment, potentially aiding further malicious activity. Organizations using this product should address potential exposure.

Halo Surface Signal: 4

Wftpserver Wing FTP Server

before 7.4.4

External exposure likelihood

Halo Surface Signal score for CVE-2025-47813

Wing FTP Server is designed to provide remote file transfer services and typically operates as an internet-facing gateway or server. The vulnerability exists within the web-based login interface, which is commonly exposed to the public internet to facilitate remote access for users and clients.

Horizon Alert

Summary of the vulnerability and why it matters

Wing FTP Server contains a flaw in its login process that can expose sensitive installation details. When a specific input is provided, the server may reveal the complete local installation path of the application. This disclosure can potentially aid attackers in understanding the server's configuration and planning further actions.

  • Vulnerable component: Wing FTP Server's login page
  • Core weakness: Disclosure of installation path via cookie
  • Main business impact: Information leakage to unauthorized parties

Attack Path

How an attacker could exploit the issue

This vulnerability allows an attacker to discover the installation path of Wing FTP Server. An attacker could leverage this information to potentially identify further vulnerabilities within the server's environment. This disclosure could aid in planning more sophisticated attacks against the organization's file transfer services.

  • External network access required.
  • Attacker sends long UID cookie.
  • Server reveals installation path.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows for the disclosure of local installation path information within Wing FTP Server. An attacker could leverage this to gain insights into the server's environment, potentially aiding in further exploitation attempts. The disclosure occurs when a specific condition related to the UID cookie is met during the login process.

  • Likely attacker skill: Low
  • Required access: Network access
  • Business risk: Medium

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The Wing FTP Server application may disclose the local installation path when using a long value in the UID cookie. This vulnerability, classified as medium severity, could provide attackers with information about the server's environment, potentially aiding further malicious activity. Organizations using this product should take immediate steps to identify and address potential exposure.

  • Find all Wing FTP Server instances.
  • Reduce exposure or isolate affected systems.
  • Apply vendor fixes and validate.
  • Monitor for related issues.
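
A sketch of the identification and monitoring steps above, added here as an example and not taken from the vendor or the advisory: it flags inventory entries running a version before 7.4.4 and requests whose UID cookie is unusually long. The length threshold, the record layout (client, path, raw Cookie header, as a reverse proxy might log them) and the sample data are assumptions.

```python
FIXED_VERSION = (7, 4, 4)  # advisory: versions before 7.4.4 are affected
MAX_UID_LEN = 128          # assumption: tune to the UID lengths your server normally issues


def uid_values(cookie_header):
    """Return every UID cookie value found in a raw Cookie header."""
    values = []
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == "UID":
            values.append(value)
    return values


def is_affected(version):
    """True if a dotted version string is before 7.4.4."""
    parts = tuple(int(p) for p in version.split("."))
    # Pad short versions so that "7.4" compares as 7.4.0.
    parts += (0,) * (len(FIXED_VERSION) - len(parts))
    return parts < FIXED_VERSION


def suspicious_requests(records, max_len=MAX_UID_LEN):
    """Return (client, path, uid_length) for each UID cookie longer than max_len."""
    hits = []
    for client, path, cookie_header in records:
        for value in uid_values(cookie_header):
            if len(value) > max_len:
                hits.append((client, path, len(value)))
    return hits


# Constructed sample records: (client IP, request path, Cookie header).
# Addresses are documentation ranges; the path is a placeholder.
SAMPLE = [
    ("198.51.100.7", "/login", "UID=" + "a" * 32),
    ("203.0.113.9", "/login", "lang=en; UID=" + "A" * 600),
    ("198.51.100.7", "/login", "lang=en"),
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print("oversized UID cookie:", hit)
    for v in ("7.4.3", "7.4.4"):
        print(v, "affected" if is_affected(v) else "not affected")
```

Most web servers and proxies do not log the Cookie header by default, so the monitoring half only works where that header, or at least its length, is captured.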

Frequently asked questions

What is Wing FTP Server and what is it used for?

Wing FTP Server is a product used for providing remote file transfer services. It allows users to manage and transfer files across different locations, often acting as a gateway for remote access to files.

What kind of weakness does CVE-2025-47813 represent?

CVE-2025-47813 is an information disclosure vulnerability, specifically classified under CWE-209. This means the software improperly generates error messages or reveals sensitive information that could assist an attacker.

How can an attacker trigger the vulnerability in Wing FTP Server?

An attacker can trigger this vulnerability by providing a long value in the UID cookie during the login process. This specific input causes the server to disclose its full local installation path.

Who should be concerned about this Wing FTP Server vulnerability?

Organizations that use Wing FTP Server, especially those with internet-facing instances, should be concerned. The vulnerability's nature suggests it can be accessed over a network, potentially exposing sensitive information to external attackers.

What is the first step for organizations running Wing FTP Server?

The immediate first step is to identify all instances of Wing FTP Server within your environment. After identification, focus on reducing their exposure or isolating them, and then apply any available fixes from the vendor.
