What is the CVSS score of CVE-2025-47813?

CVE-2025-47813 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.5%.

Which versions of Wing Ftp Server are affected by CVE-2025-47813?

Organizations using Wing FTP Server should be aware of moderate risk from CVE-2025-47813 rated CVSS 4.3. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2025-47813?

Yes, a public proof-of-concept exploit is available for CVE-2025-47813. Prioritise patching immediately. EPSS: 0.5%.

How to fix or mitigate CVE-2025-47813?

Within 30 days: Identify affected systems running Wing FTP Server and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Wing Ftp Server CVE-2025-47813

EUVD-2025-21020 MEDIUM

Error Message Information Leak (CWE-209)

2025-07-10 cve@mitre.org

Information Disclosure Wing Ftp Server

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

7.4.4

Added to CISA KEV

Mar 16, 2026 - 18:16 cisa

CISA KEV

PoC Detected

Mar 16, 2026 - 18:16 vuln.today

Public exploit code

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21020

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

CVE Published

Jul 10, 2025 - 17:15 nvd

MEDIUM 4.3

DescriptionNVD

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

Analysis

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Error Message Information Leak (CWE-209).

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

CVE-2025-47813 vulnerability details – vuln.today

Back

Wing Ftp Server CVE-2025-47813

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code