How to fix CVE-2025-27889?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Is Wing FTP Server affected by CVE-2025-27889?

CVE-2025-27889 is a low-severity vulnerability (CVSS 3.4). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

Wing FTP Server CVE-2025-27889

EUVD-2025-21019 LOW

External Control of System or Configuration Setting (CWE-15)

2025-07-10 [email protected]

Information Disclosure

3.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

7.4.4

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21019

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

PoC Detected

Jul 17, 2025 - 13:31 vuln.today

Public exploit code

CVE Published

Jul 10, 2025 - 17:15 nvd

LOW 3.4

DescriptionNVD

Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this discloses a cleartext password to the attacker.

AnalysisAI

CVE-2025-27889 is a security vulnerability (CVSS 3.4). Risk factors: public PoC available.

Technical ContextAI

Vulnerability type not specified by vendor.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-27889 vulnerability details – vuln.today

Back

Wing FTP Server CVE-2025-27889

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code