Changeflow GovPing Data Privacy & Cybersecurity CISA Adds Wing FTP Server Vulnerability to KEV ...
Priority review Notice Added Final

CISA Adds Wing FTP Server Vulnerability to KEV Catalog

Favicon for www.cisa.gov CISA ICS-CERT Advisories
Published March 16th, 2026
Detected March 16th, 2026
Email

Summary

CISA has added CVE-2025-47813, a Wing FTP Server information disclosure vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is based on evidence of active exploitation and poses significant risks to federal agencies.

View original document View source feed page

What changed

CISA has added CVE-2025-47813, a Wing FTP Server Information Disclosure Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. This action is based on evidence of active exploitation and highlights the significant risks such vulnerabilities pose to the federal enterprise. The addition aligns with Binding Operational Directive (BOD) 22-01, which mandates Federal Civilian Executive Branch (FCEB) agencies to remediate vulnerabilities listed in the KEV Catalog.

While BOD 22-01 specifically applies to FCEB agencies, CISA strongly urges all organizations to prioritize the remediation of this vulnerability as part of their routine vulnerability management practices. Organizations should review their systems for the presence of Wing FTP Server and apply necessary patches or mitigations to address CVE-2025-47813 to reduce their exposure to cyberattacks.

What to do next

  1. Review systems for Wing FTP Server and address CVE-2025-47813.
  2. Apply necessary patches or mitigations for CVE-2025-47813.
  3. Prioritize remediation of KEV Catalog vulnerabilities as part of vulnerability management.

Source document (simplified)

Alert

CISA Adds One Known Exploited Vulnerability to Catalog

Release Date

March 16, 2026

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  • CVE-2025-47813 Wing FTP Server Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we welcome your feedback.

Related changes

Favicon for www.cisa.gov CISA Adds Two Exploited Vulnerabilities to KEV Catalog
Priority review Mar 13, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity
Favicon for www.cisa.gov CISA: Ignition Software Vulnerable to Code Execution
Priority review Mar 13, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity
Favicon for news.dli.mt.gov Montana DLI Warns About Phishing Scam
Priority review Mar 17, 2026 news.dli.mt.gov Labor & Employment
Favicon for www.maine.gov Maine Revenue Services Warns of W-2 Phishing Scams
Priority review Mar 17, 2026 revenue Tax
Favicon for www.cert.ssi.gouv.fr CERT-FR: Multiple vulnerabilities in Mattermost Server
Priority review Mar 17, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity

Source

Favicon for www.cisa.gov
CISA ICS-CERT Advisories cisa.gov/rss.xml
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CISA
Published
March 16th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Government agencies Technology companies
Geographic scope
National (US)

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Vulnerability Management Federal Agency Directives

Browse Categories

Agriculture & Food Safety 61 Banking & Finance 163 Consumer Protection 29 Courts & Legal 206 Data Privacy & Cybersecurity 58 Defense & National Security 48 Education 20 Energy 94 Environment 81 Government & Legislation 240 Healthcare 105 Housing 15 Immigration 8 Insurance 16 Labor & Employment 104 Pharma & Drug Safety 68 Securities & Markets 69 Tax 48 Telecom & Technology 34 Trade & Sanctions 113 Transportation 53

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CISA ICS-CERT Advisories publishes new changes.

Free. Unsubscribe anytime.