CVE-2025-47813 Wing FTP Server CVE debrief

Who should care

Organizations running Wing FTP Server, especially internet-facing instances; IT and security teams responsible for file transfer services; managed service providers supporting customers that use Wing FTP Server.

Technical summary

The supplied corpus identifies CVE-2025-47813 only as a Wing FTP Server information disclosure vulnerability. No CVSS score or detailed flaw mechanics were provided in the source set. What is confirmed is that CISA marked it as a known exploited vulnerability on 2026-03-16 and associated it with remediation guidance from the vendor and the KEV response timeline.

Defensive priority

High. The CISA KEV listing means this issue should be treated as urgent for exposure review, mitigation, and remediation planning, especially before the 2026-03-30 due date.

Recommended defensive actions

• Check whether Wing FTP Server is deployed anywhere in your environment, including externally hosted or customer-managed instances.
• Review vendor remediation guidance for CVE-2025-47813 and apply it as soon as possible.
• If mitigations are unavailable, follow CISA’s guidance to discontinue use of the product or service.
• Prioritize internet-facing or broadly reachable Wing FTP Server installations for validation and remediation.
• Confirm the issue is remediated before the KEV due date of 2026-03-30.
• Monitor for any vendor updates or revised guidance tied to CVE-2025-47813.

Evidence notes

The source corpus confirms the CVE title, the vulnerability type (information disclosure), and CISA KEV metadata including dateAdded 2026-03-16 and dueDate 2026-03-30. The corpus also references the official CVE record and NVD entry, but it does not include a CVSS score or detailed technical write-up from the vendor advisory text.

Official resources