CISA flags Wing FTP Server flaw as actively exploited in attacks
Summary: CISA has warned U.S. government agencies to secure their Wing FTP Server instances against an exploited vulnerability (CVE-2025-47813) that can expose sensitive information and be chained in remote code execution attacks. The developer has already fixed the flaw, and federal agencies are urged to complete patching within two weeks.

2026-3-16 18:00:24 Author: www.bleepingcomputer.com (view original) Reads: 3


CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks.

Wing FTP Server is a cross-platform FTP server software that also provides secure file transfer via its built-in SFTP and web servers. The developers claim that their file transfer software is used by more than 10,000 customers worldwide, including the U.S. Air Force, Sony, Airbus, Reuters, and Sephora.

Tracked as CVE-2025-47813, the security flaw allows threat actors with low privileges to discover the full local installation path of the application on unpatched servers.

"Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie," CISA explains.

The developer patched it in May 2025 in Wing FTP Server v7.4.4, together with a critical remote code execution (RCE) bug (CVE-2025-47812) and an information disclosure flaw (CVE-2025-27889) that can be used to steal a user's password.
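The following Python is an added example and is not code from the article, from CISA, or from Wing FTP Server's developers. It turns two facts stated above into a defender-side check: the flaw is triggered by a long value in the UID cookie, and the fix shipped in v7.4.4. The script flags logged requests whose UID cookie is abnormally long and classifies a reported server version as patched or not. The log format, the 256-byte threshold, the sample log lines and their status codes are all constructed assumptions; the endpoint used by the public proof of concept and the exact error behaviour are not described on this page and are not reproduced here.

```python
import re
from typing import Dict, List, Optional

# Threshold is an assumption, not a figure from the advisory: legitimate UID
# session cookies are short, so anything this long is treated as a probe of
# the long-UID-cookie condition behind CVE-2025-47813.
UID_LEN_THRESHOLD = 256

# Assumed combined-log-style format with the request's Cookie header appended
# as a final quoted field. Wing FTP Server's own log format is not shown on the
# page; adapt this regex to whatever your server or reverse proxy emits.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<cookie>[^"]*)"$'
)

# Constructed sample lines (IPs from documentation ranges, paths are
# placeholders, status codes are invented for illustration).
SAMPLE_LOG: List[str] = [
    '203.0.113.7 - - [16/Mar/2026:09:12:01 +0000] "GET / HTTP/1.1" 200 512 "UID=abc123"',
    '203.0.113.7 - - [16/Mar/2026:09:12:02 +0000] "GET / HTTP/1.1" 500 842 "UID=' + "A" * 600 + '"',
    '198.51.100.9 - - [16/Mar/2026:09:13:40 +0000] "GET / HTTP/1.1" 200 512 "-"',
    '198.51.100.9 - - [16/Mar/2026:09:14:03 +0000] "GET / HTTP/1.1" 200 512 "lang=en; UID=' + "B" * 300 + '"',
]


def uid_cookie_value(cookie_header: str) -> Optional[str]:
    """Return the value of the UID cookie from a raw Cookie header, or None."""
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == "UID":
            return value
    return None


def analyze(lines) -> List[Dict]:
    """Return one finding per request that carries an oversized UID cookie.

    The HTTP status is reported so an analyst can correlate the request with an
    error page (the advisory says the leak is in an error message), but the page
    does not state which status code accompanies the leak, so no status is
    required for a hit.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        uid = uid_cookie_value(m["cookie"])
        if uid is None or len(uid) <= UID_LEN_THRESHOLD:
            continue
        findings.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "status": int(m["status"]),
            "uid_len": len(uid),
        })
    return findings


def is_patched(version: str) -> bool:
    """True if the reported Wing FTP Server version is 7.4.4 or later.

    7.4.4 is the release the article names as fixing CVE-2025-47813 (and the
    RCE CVE-2025-47812 and CVE-2025-27889); anything older is unpatched.
    """
    parts = tuple(int(p) for p in version.strip().lstrip("v").split("."))
    parts = parts + (0,) * (3 - len(parts))  # pad "8.0" to (8, 0, 0)
    return parts >= (7, 4, 4)


if __name__ == "__main__":
    for hit in analyze(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} uid_len={hit['uid_len']}")
    for v in ("7.4.3", "7.4.4", "7.5.0"):
        print(f"version {v}: {'patched' if is_patched(v) else 'UNPATCHED'}")
```

Run it against your own access logs by replacing SAMPLE_LOG with the file's lines; a hit from an external address followed by a server error is the sequence worth pivoting on, and any instance reporting a version below 7.4.4 should be treated as exposed to the whole May 2025 fix set, not just the path disclosure.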

The RCE vulnerability was previously tagged as exploited in the wild after attackers began abusing it one day after technical details on the flaw became public.

Security researcher Julien Ahrens, who discovered and reported the flaws, also shared proof-of-concept exploit code for CVE-2025-47813 in June and said attackers may exploit it as part of the same chain as CVE-2025-47812.

On Tuesday, CISA added CVE-2025-47813 to its Known Exploited Vulnerabilities (KEV) catalog and gave Federal Civilian Executive Branch (FCEB) agencies two weeks to secure their systems, as mandated by the November 2021 Binding Operational Directive (BOD) 22-01.

While BOD 22-01 targets only federal agencies, the U.S. cybersecurity agency encouraged all defenders, including those in the private sector, to patch their servers against ongoing attacks as soon as possible.

"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA warned on Monday.

"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."



Source: https://www.bleepingcomputer.com/news/security/cisa-flags-wing-ftp-server-flaw-as-actively-exploited-in-attacks/