Wing FTP Server versions prior to 7.4.4 are exposed to a confirmed, actively exploited two-stage attack chain: CVE-2025-47813 (CVSS 7.5, CISA KEV confirmed) leaks the server’s local installation path via a malformed UID cookie error response, directly enabling CVE-2025-47812 (CVSS 10.0) remote code execution. CISA has confirmed in-the-wild exploitation and mandated federal civilian agency remediation by March 30, 2026. All organizations running Wing FTP Server prior to 7.4.4 should upgrade immediately and isolate any unpatched instances pending remediation.