CISA warns of attacks on Wing FTP

The US cybersecurity agency CISA warns of attacks on a security vulnerability in Wing FTP.


IT managers who rely on Wing FTP for data transfer should ensure they are using an up-to-date version of the software. Attacks are currently underway on the internet targeting a security vulnerability in outdated versions.

The US cybersecurity agency CISA is warning about this and has added the vulnerability to its "Known Exploited Vulnerabilities" catalog. The flaw reveals the local installation path of the application when attackers send a very long value in the UID cookie (CVE-2025-47813, CVSS4 5.3, risk "medium"). It is unclear exactly how attackers are exploiting this and to what extent; CISA does not disclose such information. However, the vulnerability provides malicious actors with information that can be used to exploit further vulnerabilities.
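Because the trigger described above is an unusually long UID cookie, a defender can look for it in request logs. The following is an added example, not code from CISA, Huntress or the vendor: it assumes a reverse proxy in front of Wing FTP that logs the request Cookie header as the last quoted field, and the length threshold, log layout, addresses and function names are all assumptions or constructed sample data.

```python
import re

# Assumed log layout (not a Wing FTP format): client, timestamp, request line,
# status, response size, then the Cookie header in quotes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<cookie>[^"]*)"$'
)
# Assumed threshold; tune it against the UID lengths seen in normal sessions.
MAX_UID_LEN = 128

def uid_values(cookie_header):
    """Yield every UID cookie value in a Cookie header, duplicates included."""
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == "UID":
            yield value

def find_oversized_uid(lines, max_len=MAX_UID_LEN):
    """Return one record per request whose UID cookie exceeds max_len."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed layout
        for value in uid_values(m["cookie"]):
            if len(value) > max_len:
                hits.append({"line": number, "ip": m["ip"], "time": m["ts"],
                             "request": m["req"], "status": int(m["status"]),
                             "uid_len": len(value)})
    return hits

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2026:10:00:00 +0000] "GET / HTTP/1.1" 200 512 '
    '"UID=0123456789abcdef0123456789abcdef; lang=en"',
    '198.51.100.7 - - [10/Jan/2026:10:00:05 +0000] "POST /placeholder HTTP/1.1" '
    '200 940 "UID=' + "A" * 400 + '"',
    '192.0.2.11 - - [10/Jan/2026:10:00:09 +0000] "GET / HTTP/1.1" 200 512 '
    '"theme=' + "B" * 400 + '; UID=abc123"',
    'not a log line in the assumed layout',
]

if __name__ == "__main__":
    for hit in find_oversized_uid(SAMPLE_LOG):
        print(hit)
```

A hit only shows that an oversized UID value was sent; whether the installation path was disclosed has to be checked in the corresponding response.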

The security vulnerability became known in the middle of last year, along with a vulnerability that allowed the injection of malicious code from the network. Exploiting that one did not even require a login (CVE-2025-47812, CVSS 10, risk "critical"). In July last year, IT researchers from Huntress reported that they had observed attacks on this security vulnerability.

The vulnerabilities affect Wing FTP versions prior to the fixed version 7.4.4, which has been available since last May. Version 8.1.2 of Wing FTP is now current and available on the download page for Linux, macOS, and Windows. IT managers should migrate to this version to close any further security gaps and reduce the attack surface.

Data transfer software is currently a high-priority target for cybercriminals. They attempt to break into company IT systems through vulnerabilities and steal data. Subsequently, they extort the companies: if a ransom is paid, they will delete the data; without payment, they threaten to publish the data. The cyber gang Cl0p, for example, became known for exploiting a security vulnerability in the MOVEit data transfer software to break into the IT systems of hundreds of companies and copy data.

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.