A Zero-Day Vulnerability in CrushFTP Results in Server Compromise

Threat Advisories

A Zero-Day Vulnerability in CrushFTP Results in Server Compromise

April 26, 2024

Summary:

 The discovery of an actively exploited zero-day vulnerability, CVE-2024-4040, in CrushFTP is concerning. This vulnerability allows unauthenticated attackers to bypass the user’s virtual file system (VFS) and access system files for download.

Threat Level – Red | Vulnerability Report

×

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.

 

Recent Posts

Join Our Newsletter 14,000+ subscribers and growing! Get top cybersecurity news delivered directly to your inbox.
Sign Up to Receive Our Weekly Threat Digest