CISA flags Wing FTP Server flaw as actively exploited in attacks

CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. [...]

What is Wing FTP Server?

Wing FTP Server is a widely deployed, feature-rich FTP and SFTP server commonly used by organizations to manage secure file transfers across networks. Its popularity in corporate and government settings makes it an attractive target for threat actors seeking to establish footholds within critical infrastructure.

The Vulnerability Details

The flaw in question is an information disclosure vulnerability that allows attackers to read sensitive files from the affected server without authentication. According to CISA's advisory, CVE-2025-47813 poses a significant risk because it can be chained with other vulnerabilities to achieve remote code execution, substantially escalating the threat level from information gathering to full system compromise.

The vulnerability's severity is heightened by the fact that exploitation requires no authentication, meaning any threat actor with network access to a Wing FTP Server instance can immediately begin extracting sensitive data. This characteristic makes rapid patching critical for all organizations running affected versions.

Active Exploitation Evidence

CISA's warning specifically notes evidence of active exploitation in the wild, indicating that sophisticated threat actors are already weaponizing this vulnerability in operational campaigns. The agency has observed multiple intrusion attempts targeting government systems, suggesting a coordinated effort by threat groups to compromise U.S. federal infrastructure.

Attack Chain Implications

While the vulnerability itself leaks information, the potential for chaining with remote code execution flaws creates a two-stage attack scenario. First, attackers use the information disclosure to gather intelligence about the target system—learning about running processes, installed software versions, and user accounts. Armed with this intelligence, attackers can then identify and exploit secondary vulnerabilities to gain execution privileges.

Recommended Actions

CISA mandates that all federal civilian agencies immediately:

1. Identify and inventory all Wing FTP Server instances in their networks

2. Apply available patches from the vendor immediately

3. Implement network segmentation to restrict access to FTP services

4. Monitor logs for signs of unauthorized file access or information gathering

5. Consider temporary service shutdown if patches cannot be applied immediately

Industry-Wide Impact

Beyond government agencies, private sector organizations running Wing FTP Server should treat this advisory with equal urgency. The federal government's explicit warning validates the severity and real-world exploitability of this flaw. Organizations in critical sectors like energy, financial services, and healthcare should prioritize patching within 24-48 hours of patch availability.

⚡

TL;DR – For the Busy Reader

Wing FTP Server has become the target of active exploitation campaigns, prompting CISA to issue a direct warning to U.S. government agencies. The vulnerability, identified as CVE-2025-47813, affects multiple versions of the popular file transfer protocol server software used in enterprise environments worldwide. Wing FTP Server is a widely deployed, feature-rich FTP and SFTP server commonly used by organizations to manage secure file transfers across networks. Its popularity in corporate and.

Source attribution: via BleepingComputer. HackWire aggregates and contextualizes publicly reported cybersecurity news for informational purposes.