CrushFTP warns users to patch exploited zero-day “immediately”

CrushFTP Urges Immediate Patching for Exploited Zero-Day Vulnerability

CrushFTP has issued a warning to its users regarding an actively exploited zero-day vulnerability, urging immediate patching. The flaw allows unauthenticated attackers to access system files beyond the user’s virtual file system. However, those using a DMZ perimeter network are partially shielded. Users are advised to update to versions 10.7.1 or 11.1.0. The vulnerability, disclosed by Airbus CERT, has already been exploited in targeted attacks on U.S. organizations, potentially for intelligence gathering. CrowdStrike corroborated the exploit’s use in targeted attacks and advised continuous monitoring and patching. This incident follows a previous warning in November regarding a critical remote code execution vulnerability.

Read more

Sign up to receive daily content in your inbox

We don’t spam! Read our privacy policy for more info.

Share This Article

Leave Comment

Your email address will not be published. Required fields are marked *

Daily Newsletter

Subscribe to our free daily newsletter to get the latest summarized updates