NVD disclosure day

Published threat advisories for July 10, 2025

CVE advisoryKnown Exploit

CVE-2025-47813

Wing FTP Server Information Disclosure Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Wing FTP Server may disclose its local installation path via a specific cookie input. This information could help attackers understand the environment, potentially aiding further malicious activity. Organizations using this product should address potential exposure.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2025-47812

Wing FTP Server Remote Code Execution Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Wing FTP Server versions prior to 7.4.4 have a vulnerability allowing arbitrary system command execution with elevated privileges, potentially leading to full server compromise. This risk impacts organizations relying on this service for file transfer operations.

NVD published: • CISA KEV