CVE-2025-47813 Scanner

CVE-2025-47813 Scanner - Information Disclosure vulnerability in Wing FTP Server

Short Info


Level

Medium

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

8 days 10 hours

Scan only one

URL

Toolbox

-

Wing FTP Server is a versatile file transfer server that is widely used by organizations to securely transfer files. Developed by Wing Software, it supports multiple protocols such as FTP, HTTP, FTPS, HTTPS, and SFTP, making it adaptable to various user needs. Companies often use it to securely handle, transfer, and store large amounts of data. This server is particularly useful in environments that require a stable and reliable file transfer solution. With support for IPv6 and modern encryption algorithms, it ensures the safe transfer of files over the internet or private networks. Due to its extensive feature set and compatibility, Wing FTP Server is trusted by enterprises across different sectors including finance, healthcare, and education.

The vulnerability in Wing FTP Server, prior to version 7.4.4, involves an information disclosure risk due to improper validation of the UID session cookie. An attacker with valid authentication credentials can exploit this flaw by supplying an overly long UID value. The vulnerability occurs in the /loginok.html endpoint, where the improper handling could reveal critical server details. The error message returned when the vulnerability is triggered includes the server's local filesystem path. This information can be utilized by attackers to further exploit the server, potentially leading to more severe vulnerabilities being exposed.

Technical details of the vulnerability reveal that it is rooted in the way the UID session cookie is managed within Wing FTP Server. By sending a POST request with an overlong UID value to the /loginok.html endpoint, the server is tricked into revealing its internal directory structure. The vulnerability particularly impacts Windows systems where file paths are disclosed in error messages when the fault condition is triggered. This mechanism allows an authenticated attacker to gain insights into the server environment without needing more advanced hacking techniques. The presence of specific words such as 'Server Path', 'Error', and directory symbols like '\ ' or '/' in the server's response body indicates the success of the exploit.

Exploitation of this vulnerability by malicious actors can lead to significant impacts on system security. Attackers can gain insights into the file system structure, which can aid in crafting more targeted attacks against the server. This can potentially lead to unauthorized access to sensitive files and directories. Knowledge of the server's file structure can also enable attackers to plan further exploits to run arbitrary code or extract confidential information. Maintaining the confidentiality and integrity of the file transfer server could be severely compromised if the vulnerability is left unaddressed.

REFERENCES

Get started to protecting your digital assets