CISA adds Wing FTP information disclosure flaw to KEV after active exploitation
CISA has added CVE-2025-47813, a Wing FTP Server information disclosure vulnerability, to the Known Exploited Vulnerabilities catalog based on evidence of active exploitation.
What happened
CISA has added CVE-2025-47813, a Wing FTP Server information disclosure vulnerability, to the Known Exploited Vulnerabilities catalog based on evidence of active exploitation. Under Binding Operational Directive 22-01, that moves the issue out of routine patch-management territory and into the category of vulnerabilities that federal agencies must remediate on deadline.
The immediate significance is not just that Wing FTP has a disclosure bug. It is that CISA judged there to be enough real-world attacker activity to elevate it into KEV, which is its clearest signal that organisations should treat the issue as a live exposure problem.
Why it matters
Information disclosure flaws are easy to underestimate when they do not sound as dramatic as remote code execution. In practice, though, they can expose sensitive server paths, configuration details, internal structure, or other data that helps attackers move from opportunistic probing into more reliable compromise and follow-on abuse.
Wing FTP also sits on the kind of edge-facing file-transfer infrastructure that often ends up directly exposed to the internet, integrated with internal workflows, and trusted more than it should be. That makes even a seemingly narrower flaw operationally important when active exploitation is already in play.
Assessment
This is a strong archive-worthy KEV item because it combines three things that matter: confirmed exploitation, an internet-facing enterprise service, and a vulnerability class that can accelerate broader intrusion activity even without sounding headline-grabbing on its own. Defenders should read this as an exposure-management signal, not as a minor technical footnote.
The practical question now is whether Wing FTP is present anywhere in production, partner-facing, or legacy environments, and whether teams have treated it as background infrastructure instead of a sensitive external service. KEV inclusion suggests that assumption would now be costly.