A Zero-Day Vulnerability in CrushFTP Results in Server Compromise
A Zero-Day Vulnerability in CrushFTP Results in Server Compromise
Summary:
The discovery of an actively exploited zero-day vulnerability, CVE-2024-4040, in CrushFTP is concerning. This vulnerability allows unauthenticated attackers to bypass the user’s virtual file system (VFS) and access system files for download.
Threat Level – Red | Vulnerability Report
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.