CVE-2025-47813 Information

Description

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

Reference

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47813.txt https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ https://www.wftpserver.com

Related CNNVD

CNNVD-202507-1512 (Published: 2025-07-10)