
Wing FTP Information Disclosure Added to KEV Catalog - Active Exploitation Ongoing

CISA added CVE-2025-47813, a medium-severity information disclosure flaw in Wing FTP Server, to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. The vulnerability leaks application installation paths under certain conditions, enabling reconnaissance for follow-on attacks.

Sebastion

CVE References

CVE-2025-47813

Affected

Wing FTP Server

Summary

CVE-2025-47813 represents an information disclosure vulnerability in Wing FTP Server with a CVSS v3 score of 4.3. While the base score is moderate, CISA's addition to the KEV catalog confirms active exploitation in the wild, elevating operational priority for defenders regardless of raw CVSS metrics.
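The point made here and in the closing assessment (KEV status outranks the raw CVSS number) is easy to state and easy to lose in a ticket queue. The following is an added example, not code from the advisory, CISA or Wing FTP: it reads a KEV-shaped JSON excerpt and a list of scanner findings, both constructed here, and ranks the findings so that anything in the catalog comes first, ordered by remediation due date, with CVSS only as the tie-breaker. The `dateAdded` and `dueDate` values, the second and third CVE ids and the host names are placeholders, not real catalog or scanner data; only the field names match the public KEV feed.

```python
"""Rank findings KEV-first, then by CVSS (added example with constructed data)."""
import json

# Constructed excerpt shaped like CISA's KEV JSON feed. The CVE id and product come
# from the advisory; dateAdded and dueDate are PLACEHOLDERS, not the catalog's values.
KEV_JSON = """
{
  "vulnerabilities": [
    {"cveID": "CVE-2025-47813",
     "vendorProject": "Wing FTP",
     "product": "Wing FTP Server",
     "vulnerabilityName": "Wing FTP Server Information Disclosure Vulnerability",
     "dateAdded": "2025-01-01",
     "dueDate": "2025-01-22",
     "knownRansomwareCampaignUse": "Unknown"}
  ]
}
"""

# Constructed scanner output for a fictional environment. CVE-2024-00001 and
# CVE-2024-00002 are placeholder identifiers used only to show the ordering.
FINDINGS = [
    {"host": "ftp-01.example.internal", "cve": "CVE-2025-47813", "cvss": 4.3},
    {"host": "app-07.example.internal", "cve": "CVE-2024-00001", "cvss": 9.8},
    {"host": "ftp-02.example.internal", "cve": "CVE-2025-47813", "cvss": 4.3},
    {"host": "db-03.example.internal", "cve": "CVE-2024-00002", "cvss": 7.5},
]


def load_kev(raw):
    """Index a KEV-shaped JSON document by CVE id."""
    return {v["cveID"]: v for v in json.loads(raw)["vulnerabilities"]}


def prioritise(findings, kev):
    """Return findings sorted KEV-first (earliest due date first), then CVSS descending.

    Each returned dict is a copy of the finding with two added keys:
    'kev' (bool) and 'due' (the KEV due date, or None when not in the catalog).
    """
    def sort_key(f):
        entry = kev.get(f["cve"])
        in_kev = entry is not None
        # Findings outside the catalog get a far-future due date so they sort last.
        due = entry["dueDate"] if in_kev else "9999-12-31"
        return (0 if in_kev else 1, due, -f["cvss"])

    ranked = []
    for f in sorted(findings, key=sort_key):
        entry = kev.get(f["cve"])
        ranked.append({**f, "kev": entry is not None,
                       "due": entry["dueDate"] if entry else None})
    return ranked


if __name__ == "__main__":
    for row in prioritise(FINDINGS, load_kev(KEV_JSON)):
        flag = "KEV" if row["kev"] else "   "
        print(f"{flag} {row['cve']} cvss={row['cvss']} due={row['due']} {row['host']}")
```

Swapping the constructed `KEV_JSON` for the real feed downloaded from CISA and `FINDINGS` for an export from your scanner is the only change needed to run this against a live inventory; the sort order itself is the policy the advisory argues for.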

Technical Assessment

The vulnerability leaks the installation path of Wing FTP under specific conditions. Installation paths are valuable reconnaissance data: they reveal software versions and deployment patterns, and they can aid attackers in subsequent exploitation chains. Information disclosure vulnerabilities are often underestimated; they frequently serve as the first step in multi-stage attacks, providing the foothold needed for privilege escalation or lateral movement.

Attack Implications

Given active exploitation, we assess that threat actors are leveraging this disclosure to map target environments. Wing FTP is commonly deployed in business and government sectors for file transfer operations. The KEV designation means federal agencies must prioritize remediation under BOD 22-01. The low CVSS score may cause complacency in non-federal organizations; that is a critical mistake.

Recommended Actions

  1. Immediate: Identify all Wing FTP Server instances in your environment and check for available patches
  2. Short-term: Apply vendor patches or implement WAF/network-level mitigations to restrict suspicious requests triggering the disclosure
  3. Ongoing: Monitor logs for path enumeration attempts; correlate with other indicators of compromise
  4. Strategic: Audit Wing FTP deployments for additional misconfigurations or secondary vulnerabilities
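Step 3 asks for log monitoring of path enumeration attempts without specifying a signature, and the advisory does not describe the request that triggers the disclosure, so the example below is deliberately generic. It is an added example, not detection content from the advisory or the vendor: it parses combined-format web access log lines (constructed here; the paths and client addresses are placeholders) and flags any client that requests a threshold number of distinct paths answered with an error status inside a short window, which is the typical footprint of a scanner walking a web-facing file-transfer interface. The window and threshold values are assumptions to tune against your own baseline.

```python
"""Flag clients enumerating paths in web access logs (added example, constructed data)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed combined-format access log lines. The paths are placeholders and are
# NOT the request that triggers CVE-2025-47813; the detection is a generic heuristic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2025:10:00:01 +0000] "GET /login.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Jan/2025:10:00:05 +0000] "POST /login.html HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Jan/2025:10:00:10 +0000] "GET /probe1 HTTP/1.1" 404 233 "-" "curl/8.0"
203.0.113.9 - - [12/Jan/2025:10:00:11 +0000] "GET /probe2 HTTP/1.1" 404 233 "-" "curl/8.0"
203.0.113.9 - - [12/Jan/2025:10:00:12 +0000] "GET /probe3 HTTP/1.1" 404 233 "-" "curl/8.0"
203.0.113.9 - - [12/Jan/2025:10:00:13 +0000] "GET /probe4 HTTP/1.1" 403 233 "-" "curl/8.0"
203.0.113.9 - - [12/Jan/2025:10:00:14 +0000] "GET /probe5 HTTP/1.1" 404 233 "-" "curl/8.0"
203.0.113.9 - - [12/Jan/2025:10:00:15 +0000] "GET /probe6 HTTP/1.1" 500 512 "-" "curl/8.0"
198.51.100.4 - - [12/Jan/2025:10:00:20 +0000] "GET /old1 HTTP/1.1" 404 233 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Jan/2025:10:05:20 +0000] "GET /old2 HTTP/1.1" 404 233 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Jan/2025:10:10:20 +0000] "GET /old3 HTTP/1.1" 404 233 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Error statuses a scanner typically collects while walking unknown paths (assumption).
ERROR_STATUSES = {400, 403, 404, 500}


def parse_lines(lines):
    """Yield {ip, ts, path, status} for every line that matches the combined format."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
                   "path": m["path"], "status": int(m["status"])}


def find_enumerators(lines, window_s=60, threshold=5):
    """Return {ip: max_distinct_error_paths} for clients reaching the threshold.

    For each client, slide a window_s-second window over its error-status requests
    and count the distinct paths inside it; the client is flagged if any window
    holds at least `threshold` distinct paths.
    """
    per_ip = defaultdict(list)
    for ev in parse_lines(lines):
        if ev["status"] in ERROR_STATUSES:
            per_ip[ev["ip"]].append((ev["ts"], ev["path"]))

    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):
            in_window = {p for t, p in events[i:] if (t - t0).total_seconds() <= window_s}
            best = max(best, len(in_window))
        if best >= threshold:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, count in find_enumerators(SAMPLE_LOG.strip().splitlines()).items():
        print(f"{ip}: {count} distinct error-status paths within 60s")
```

In the constructed sample, 203.0.113.9 walks six distinct paths in five seconds and is flagged, while 198.51.100.4 hits three stale links five minutes apart and stays below the threshold. Feed the function real lines from the reverse proxy or web server in front of Wing FTP, and correlate any flagged client with the other indicators step 3 mentions before escalating.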

Assessment

This is a classic reconnaissance enablement vulnerability. Its real danger lies not in the disclosure itself, but in what attackers do with the leaked installation path information. Organizations should treat KEV additions as operational imperatives regardless of CVSS score.