loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

Description

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

Affected Products

References

• https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt(Exploit, Third Party Advisory)
• https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/(Exploit, Third Party Advisory)
• https://www.wftpserver.com(Product)
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47813(US Government Resource)

Related News (1 articles)