CrushFTP Urges Immediate Patching for Exploited Zero-Day Vulnerability
CrushFTP has warned its users about an actively exploited zero-day vulnerability and urged them to patch immediately. The flaw allows unauthenticated attackers to access system files outside the user’s virtual file system. However, users who run a DMZ perimeter network are partially shielded. Users are advised to update to version 10.7.1 or 11.1.0. The vulnerability, disclosed by Airbus CERT, has already been exploited in targeted attacks on U.S. organizations, potentially for intelligence gathering. CrowdStrike corroborated the exploit’s use in targeted attacks and advised continuous monitoring and patching. This incident follows a previous warning in November regarding a critical remote code execution vulnerability.