Protect.Computer
NEWS

CISA adds Wing FTP CVE-2025-47813 to KEV catalog after active exploitation

· 0 min read · Network safety Device safety
CISA adds Wing FTP CVE-2025-47813 to KEV catalog after active exploitation

Photo by protect.computer (custom alert graphic) on protect.computer

What happened

CISA added CVE-2025-47813 (Wing FTP Server information disclosure vulnerability) to its Known Exploited Vulnerabilities (KEV) catalog.

A KEV listing means defenders should treat this as active attacker tradecraft, not a theoretical issue.

Why this matters

Wing FTP is often internet-facing or reachable from partner networks. Information disclosure flaws can provide attackers with sensitive server data that accelerates follow-on compromise.

For organizations running exposed file transfer infrastructure, KEV additions usually compress patch timelines.

What defenders should do now

  1. Inventory all Wing FTP instances (including legacy and shadow IT deployments).
  2. Patch/remediate CVE-2025-47813 according to vendor guidance.
  3. Restrict management interfaces to trusted networks only.
  4. Hunt logs for unusual probing, path disclosure attempts, and suspicious auth behavior.
  5. Add temporary compensating controls (WAF/access restrictions) where patch windows are delayed.

Bottom line

When CISA adds a CVE to KEV, speed matters. If Wing FTP is in your environment, prioritize remediation as an active-risk event.

Related reading

News
CISA adds CVE-2025-53521 (F5 BIG-IP APM) to KEV after active exploitation

CISA added CVE-2025-53521 affecting F5 BIG-IP APM to the KEV catalog, signaling active exploitation and urgent patch/mitigation action.

News
CISA adds two Google Chrome zero-days to KEV catalog

CISA added CVE-2026-3909 and CVE-2026-3910 in Google Chrome to KEV, signaling active exploitation risk.

News
CISA flags SolarWinds, Ivanti, and Workspace ONE flaws as actively exploited

CISA added three actively exploited vulnerabilities—CVE-2025-26399, CVE-2026-1603, and CVE-2021-22054—to the KEV catalog, with near-term federal remediation deadlines.

News
CISA flags 5 actively exploited flaws in Apple, Craft CMS, and Laravel Livewire

CISA added five newly exploited CVEs to KEV, including Apple memory-corruption bugs and unauthenticated code-injection flaws in Craft CMS and Laravel Livewire.