CVE-2025-47813: CWE-209 Generation of Error Message Containing Sensitive Information in wftpserver Wing FTP Server
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
AI Analysis
Technical Summary
CVE-2025-47813 is a medium-severity vulnerability affecting Wing FTP Server versions prior to 7.4.4. The loginok.html page discloses sensitive information through an error message when an abnormally long value is supplied in the UID cookie: the server reveals the full local installation path of the application. The weakness is classified as CWE-209, generation of an error message containing sensitive information. Per the CVSS 3.1 vector, the attack vector is network-based (AV:N), attack complexity is low (AC:L), low privileges are required (PR:L), no user interaction is needed (UI:N), and scope is unchanged (S:U); the base score is 4.3, reflecting an impact on confidentiality only, with no impact on integrity or availability. Although no exploits are currently known in the wild, knowledge of the full installation path aids reconnaissance and can make follow-on attacks, such as directory traversal, privilege escalation, or exploitation of other vulnerabilities, more targeted by revealing the server's directory structure and deployment details.
Potential Impact
For European organizations using Wing FTP Server, this vulnerability poses a moderate risk primarily related to information leakage. Disclosure of the full local installation path can provide attackers with valuable intelligence about the server environment, potentially enabling more sophisticated attacks. While the vulnerability itself does not allow direct compromise of data integrity or availability, it can be a stepping stone for attackers to identify other weaknesses or misconfigurations. Organizations handling sensitive or regulated data, such as financial institutions, healthcare providers, or government agencies, may find this information disclosure particularly concerning as it could aid in targeted attacks. Additionally, compliance with European data protection regulations like GDPR requires minimizing unnecessary exposure of system details that could facilitate breaches. Therefore, even though the immediate impact is limited, the vulnerability could indirectly increase the risk of more severe security incidents if exploited in combination with other vulnerabilities.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize upgrading Wing FTP Server to version 7.4.4 or later, where the issue has been addressed. If immediate patching is not feasible, organizations should implement web application firewall (WAF) rules to detect and block requests with abnormally long UID cookie values that trigger the error message. Additionally, server-side error handling should be reviewed and hardened to avoid leaking sensitive information in error responses. Logging and monitoring should be enhanced to detect unusual access patterns or attempts to exploit this vulnerability. Restricting access to the FTP server management interface and enforcing least privilege principles can reduce the risk of exploitation since the vulnerability requires some level of privileges. Finally, conducting regular security assessments and penetration testing focused on information disclosure vulnerabilities will help identify and remediate similar issues proactively.
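The two interim mitigations above, a WAF-style rule on UID cookie length and error-message hardening, as an added example (not Wing FTP Server code and not the advisory's own). The 64-byte threshold, the path regex and the sample requests are constructed assumptions:

```python
import re
from http.cookies import SimpleCookie

# Assumed threshold: real session identifiers are short, so a UID value far
# beyond this is treated as an attempt to trigger the verbose error path.
MAX_UID_LEN = 64

# Absolute paths: Windows drive paths (segments may contain spaces, e.g.
# "Program Files") and POSIX paths with at least one directory component.
_PATH_RE = re.compile(
    r"[A-Za-z]:\\(?:[^\\\"'<>:\r\n]+\\)*[^\\\"'<>:\r\n\s]*"
    r"|/(?:[\w.-]+/)+[\w.-]*"
)


def uid_cookie_length(cookie_header: str) -> int:
    """Length of the UID cookie value in a Cookie header, 0 if absent or malformed."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except Exception:
        return 0
    morsel = jar.get("UID")
    return len(morsel.value) if morsel else 0


def is_suspicious_request(path: str, cookie_header: str) -> bool:
    """WAF-style rule: a loginok.html request carrying an over-long UID cookie."""
    return path.endswith("/loginok.html") and uid_cookie_length(cookie_header) > MAX_UID_LEN


def redact_paths(message: str) -> str:
    """Remove absolute filesystem paths from an error message before it is returned."""
    return _PATH_RE.sub("[path redacted]", message)


# Constructed sample requests as (URL path, Cookie header); not captured traffic.
SAMPLE_REQUESTS = [
    ("/loginok.html", "UID=abc123def456"),                 # normal session
    ("/loginok.html", "UID=" + "A" * 2048 + "; lang=en"),  # over-long UID
    ("/index.html", "UID=" + "A" * 2048),                  # long, but not loginok.html
]


def flagged_requests(requests=SAMPLE_REQUESTS) -> list:
    """Indexes of the sample requests that trip the rule."""
    return [i for i, (path, cookie) in enumerate(requests) if is_suspicious_request(path, cookie)]
```

`flagged_requests()` returns `[1]` for the constructed samples; the redaction is a generic CWE-209 safeguard and should be applied to any error text the application returns, not only to the loginok.html path.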
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-05-10T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 686ff1d3a83201eaaca8df04
Added to database: 7/10/2025, 5:01:07 PM
Last enriched: 7/10/2025, 5:16:09 PM
Last updated: 7/11/2025, 2:14:38 AM
Related Threats
- CVE-2025-7435: Cross Site Scripting in LiveHelperChat lhc-php-resque Extension (Medium)
- CVE-2025-53864: CWE-674 Uncontrolled Recursion in Connect2id Nimbus JOSE+JWT (Medium)
- CVE-2025-7434: Stack-based Buffer Overflow in Tenda FH451 (High)
- CVE-2025-7423: Stack-based Buffer Overflow in Tenda O3V2 (High)
- CVE-2025-7422: Stack-based Buffer Overflow in Tenda O3V2 (High)