1. Forum
  2. tqwNet
  3. TQW GENTECH

  • This Wing FTP Server flaw is being actively exploited in attacks

    From TechnologyDaily@1337:1/100 to All on Tuesday, March 17, 2026 16:15:32
    This Wing FTP Server flaw is being actively exploited in attacks CISA says mitigate now

    Date:
    Tue, 17 Mar 2026 16:00:00 +0000

    Description:
    CISA adds a new vulnerability to KEV, signaling abuse in the wild.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Get the TechRadar Newsletter Sign up for
    breaking news, reviews, opinion, top tech deals, and more. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful An account already exists for this email address, please log in. Subscribe to our newsletter
    CISA adds Wing FTP Server bug (CVE-2025-47813) to KEV catalog Medium-severity flaw leaks server paths, exploited in chained attacks Federal agencies
    ordered to patch by March 30 or discontinue use The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new bug to its Known Exploited Vulnerabilities (KEV) catalog, warning US federal agencies about ongoing attacks and urging them to patch up immediately.

    The organization added CVE-2025-47813, a bug found in Wing FTP Server, to
    KEV. Wing FTP Server is a cross-platform file transfer server used to
    securely share and manage files, similar to MOVEit or GoAnywhere Managed File Transfer (MFT) solutions. According to its website, it is used by the likes
    of US AirForce, Airbus, Reuters, and Sony . Article continues below You may like US government told to patch high-severity Gogs security issue or face attack Cisco warns of critical SD-WAN security flaw which has been open since 2023 CISA reveals warning on Asus software flaw, here's what you need to do
    to stay safe Proof of concept The bug is described as an information disclosure vulnerability that can expose sensitive data in error messages. It happens because the application improperly handles a long UID cookie value, triggering an error message that reveals the servers full local installation path.

    It was given a severity score of 4.3/10 (medium). So, its not the most critical of all bugs, but it can be used for reconnaissance and chained with other bugs to launch more serious attacks. In fact, this is exactly what is happening in the wild, right now.

    According to BleepingComputer , security researcher Julien Ahrens shared proof-of-concept (PoC) exploit code in summer 2025, stressing that the attackers were chaining it with a separate bug, tracked as CVE-2025-47812.

    The bug affects all Wing FTP Server versions before 7.4.4 and was patched in May 2025. The same fix addressed two additional bugs - a critical remote code execution (RCE) vulnerability tracked as CVE-2025-57812, and an information disclosure flaw tracked as CVE-2025-27889. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me
    with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    Now, Federal Civilian Executive Branch (FCEB) agencies have a two-week deadline to patch the software, which expires on March 30. Alternatively,
    they can stop using the product altogether.

    "This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA said. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-wing-ftp-server-flaw-is-being-acti vely-exploited-in-attacks-cisa-says-mitigate-now


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)