EXCLUSIVE: CRITICAL FTP SERVER FLAW NOW ACTIVE IN WILD CYBER ATTACKS, LEAKING SERVER PATHS FOR MAJOR DATA BREACH
A seemingly minor vulnerability in a widely used file transfer server is now a confirmed weapon in the hacker arsenal, creating a dangerous stepping stone for catastrophic ransomware and data breach campaigns. The U.S. Cybersecurity and Infrastructure Security Agency has formally added the Wing FTP server flaw to its urgent Known Exploited Vulnerabilities catalog, signaling active, real-world attacks.
The vulnerability, tagged as CVE-2025-47813, is an information disclosure bug that leaks the full installation path of the server. While rated medium severity, its danger is profound: this path information is a critical reconnaissance prize. Attackers are using this leak to precisely target a separate, maximum-severity remote code execution flaw in the same software, turning two bugs into a single, deadly exploit chain. All versions before 7.4.4 are vulnerable.
"This is a classic case of a 'low and slow' attack vector," explained a senior threat intelligence analyst. "The path leak from the UID cookie is the digital equivalent of a burglar finding the blueprint to your safe. It doesn't break in by itself, but it tells them exactly where and how to strike with the main event—a remote code execution that can deploy malware or ransomware." Researchers confirmed attackers have already used this chain to download malicious scripts and install remote access tools.
For any organization using Wing FTP, this is a five-alarm cybersecurity fire. The leaked server path dramatically lowers the barrier for exploiting the critical companion vulnerability, enabling full system takeover. In an era of sophisticated phishing campaigns and zero-day hunting, leaving this unpatched is an open invitation for a crypto-locking ransomware event or a massive data breach. The mandated patch deadline for federal agencies is March 2026, but attackers are moving NOW.
We predict this vulnerability pair will be rapidly integrated into automated attack kits, targeting businesses for extortion. This incident underscores a brutal truth in blockchain security and beyond: perimeter defenses are only as strong as their most overlooked component.
Patch immediately or prepare to be plundered.



