22 April 2024

CrushFTP patches actively exploited zero-day



Developers behind the CrushFTP enterprise file transfer software have urged users to update to the latest version due to the discovery of a zero-day vulnerability said to have been actively exploited in the wild.

The flaw, which has yet to receive a CVE identifier, is an external control of file name or path issue that can lead to remote code execution.

“CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files. This has been patched in v11.1.0,” the team said, noting that those using a DMZ (demilitarized zone) perimeter network in front of their main CrushFTP instance are protected against attacks.

While CrushFTP didn’t indicate that the flaw was exploited, in a post on Reddit, cybersecurity company CrowdStrike said it observed an exploit for the vulnerability being used in the wild in a “targeted fashion.”

According to CrowdStrike, the flaw is being exploited in attacks targeting CrushFTP servers at multiple US entities by a possibly politically motivated cyberespionage group.

