CISA Flags Actively Exploited Wing FTP Server Vulnerability, Urges Immediate Patching

The US cybersecurity agency CISA has warned of an actively exploited Wing FTP Server flaw that could enable attacks, urging organisations worldwide to apply patches and secure vulnerable systems urgently.

March 17, 2026 | Washington, D.C. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding an actively exploited vulnerability in Wing FTP Server, a widely used file transfer software across global enterprises. The flaw, identified as CVE-2025-47813, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, indicating confirmed real-world attacks targeting unpatched systems.

According to CISA, the vulnerability allows attackers with limited access to extract sensitive information, such as the full installation path of the application. While the flaw itself is classified as an information disclosure issue, security experts warn it can be combined with other vulnerabilities to launch more severe attacks, including remote code execution. Wing FTP Server, used by thousands of organisations worldwide, supports multiple file transfer protocols and is deployed across Windows, Linux, and macOS environments. Its widespread adoption increases the potential impact of such vulnerabilities, especially in enterprise and government systems.

The vulnerability was addressed in version 7.4.4, released in May 2025, alongside fixes for other critical flaws, including a high-risk remote code execution bug. However, many systems remain unpatched, making them susceptible to ongoing exploitation attempts.

CISA has directed US federal agencies to secure affected systems within a strict timeline under existing cybersecurity directives. The agency has also urged private sector organisations to take immediate action, emphasising that such vulnerabilities are frequently exploited by cybercriminals to gain unauthorized access and compromise systems. The advisory underscores the growing threat landscape, where even moderately severe vulnerabilities can become critical when chained with other exploits, highlighting the importance of timely patch management and proactive cybersecurity practices. Wing FTP vulnerability 2026, CISA alert cybersecurity, CVE-2025-47813 exploit, file transfer server security risk, remote code execution threat, cybersecurity vulnerability warning

Follow us On Our Social media Handles :
Instagram
Youtube
Facebook
Twitter

Also Read- Pune