CVE-2025-47813

Medium KEV CVSS: 4.3

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

Vendor

Product

CWE

Yayın Tarihi

2025-07-10 17:15:47

Güncelleme

2026-03-16 20:20:49

Source Identifier

cve@mitre.org

KEV Date Added

2026-03-16

CWE-209 Wing Ftp Server MEDIUM Wftpserver 2025

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ https://www.wftpserver.com https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47813

Medium

CVE-2020-37079

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administrat…

High

CVE-2019-25267

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute…

High

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authentica…

Critical

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o…

Low

CVE-2025-27889

Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint…

Medium

CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or S…