CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内，并且不需要特定的开头。首先，我得仔细阅读文章，抓住关键点。文章主要讲的是美国网络安全和基础设施安全局（CISA）将一个中等严重性的安全漏洞加入到已知被利用的漏洞目录中。这个漏洞影响的是Wing FTP服务器，编号是CVE-2025-47813，CVSS评分为4.3，属于信息泄露类型。漏洞的具体情况是当使用长值的UID cookie时，服务器会生成包含敏感信息的错误消息，泄露应用的安装路径。这个漏洞影响所有版本到7.4.3及之前的版本，在7.4.4版本中被修复。同时，7.4.4还修复了另一个更严重的漏洞CVE-2025-47812，CVSS评分高达10.0，允许远程代码执行。攻击者利用这些漏洞下载恶意Lua文件、进行侦察，并安装远程监控软件。目前没有关于野外利用的具体细节，但建议相关部门在2026年3月30日前修复。总结的时候要涵盖CISA添加漏洞、漏洞编号、影响范围、修复版本、相关严重漏洞以及建议措施。确保语言简洁明了，不超过100字。 </think> 美国网络安全机构CISA将影响Wing FTP服务器的中等严重性漏洞CVE-2025-47813加入已知被利用漏洞目录。该漏洞可导致敏感信息泄露，并已在野外被积极利用。建议用户升级至修复版本以应对风险。 2026-3-17 05:23:0 Author: thehackernews.com(查看原文) 阅读量:21 收藏

Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, CVE-2025-47813 (CVSS score: 4.3), is an information disclosure vulnerability that leaks the installation path of the application under certain conditions.

"Wing FTP Server contains a generation of error messages containing sensitive information vulnerability when using a long value in the UID cookie," CISA said.

The shortcoming affects all versions of the software prior to and including version 7.4.3. The issue was addressed in version 7.4.4, shipped in May following a responsible disclosure by RCE Security researcher Julien Ahrens.

It's worth noting that version 7.4.4 also patches CVE-2025-47812 (CVSS score: 10.0), another critical bug in the same product that allows for remote code execution. As of July 2025, the vulnerability has come under active exploitation in the wild.

According to details shared by Huntress at the time, attackers have leveraged it to download and execute malicious Lua files, conduct reconnaissance, and install remote monitoring and management software.

Ahrens, in a proof-of-concept (PoC) exploit, shared on GitHub, noted that the endpoint at "/loginok.html" does not properly validate the value of the "UID" session cookie. As a result, if the supplied value is longer than the maximum path size of the underlying operating system, it triggers an error message that discloses the full local server path.

"Successful exploits can allow an authenticated attacker to get the local server path of the application, which can help in exploiting vulnerabilities like CVE-2025-47812," the researcher added.

There are currently no details on how the vulnerability is being exploited in the wild, and if it's being abused in conjunction with CVE-2025-47812. In light of the latest development, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by March 30, 2026.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2026/03/cisa-flags-actively-exploited-wing-ftp.html
如有侵权请联系:admin#unsafe.sh