By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: CrushFTP warns users to patch unauthenticated access flaw immediately
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > CrushFTP warns users to patch unauthenticated access flaw immediately
Tech News

CrushFTP warns users to patch unauthenticated access flaw immediately

By admin 3 Min Read
Share
SHARE

CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately.

As the company also explained in an email sent to customers on Friday (seen by BleepingComputer), the security flaw enables attackers to gain unauthenticated access to unpatched servers if they are exposed on the Internet over HTTP(S).

“Please take immediate action to patch ASAP. A vulnerability has been addressed today (March 21st, 2025). All CrushFTP v11 versions were affected. (No earlier versions are affected.) A CVE will be generated soon,” the company warned.

“The bottom line of this vulnerability is that an exposed HTTP(S) port could lead to unauthenticated access. The vulnerability is mitigated If you have the DMZ feature of CrushFTP in place.”

While the email says this vulnerability only affects CrushFTP v11 versions, an advisory issued on the same day says that both CrushFTP v10 and v11 are impacted, as cybersecurity company Rapid7 first noted.

As a workaround, those who can’t immediately update CrushFTP v11.3.1+ (which fixes the flaw) can enable the DMZ (demilitarized zone) perimeter network option to protect their CrushFTP instance until security updates can be deployed.

According to Shodan, over 3,400 CrushFTP instances have their web interface exposed online to attacks, although BleepingComputer couldn’t determine how many have already been patched.

Internet exposed CrushFTP instances
<em>Internet-exposed CrushFTP instances (Shodan)</em>

​In April 2024, CrushFTP also released security updates to patch an actively exploited zero-day vulnerability (CVE-2024-4040) that allowed unauthenticated attackers to escape the user’s virtual file system (VFS) and download system files.

At the time, cybersecurity company CrowdStrike found evidence pointing to an intelligence-gathering campaign, likely politically motivated, with the attackers targeting CrushFTP servers at multiple U.S. organizations.

CISA added CVE-2024-4040 to its Known Exploited Vulnerabilities catalog, ordering U.S. federal agencies to secure vulnerable servers on their networks within a week.

In November 2023, CrushFTP customers were also warned to patch a critical remote code execution vulnerability (CVE-2023-43177) in the company’s enterprise suite after Converge security researchers who reported the flaw released a proof-of-concept exploit three months after the flaw was addressed.

File transfer products like CrushFTP are attractive targets for ransomware gangs, specifically Clop, which was linked to data theft attacks targeting zero-day vulnerabilities in MOVEit Transfer, GoAnywhere MFT, Accelion FTA, and Cleo software.

Red Report 2025

Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.

You Might Also Like

Levoit Aero Cordless Vacuum Review: Self-Emptying Base

Claude Haiku 4.5 Review: Features, Performance & Real-World Costs

Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

Girls in Single-Sex Schools Face Major STEM Access Gap

The ‘Surge’ of Troops May Not Come to San Francisco, but the City Is Ready Anyway

TAGGED: CrushFTP, FTP, Vulnerability, Warning
Share This Article
Facebook Twitter Copy Link
Previous Article Jadon Sancho now playing for his Chelsea future but it may be over already – opinion
Next Article Samsung Odyssey: Next-Gen 3D and OLED Gaming Monitors
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

Ripple CTO Schwartz Revisits NSA Past And Satoshi Speculation
Crypto
Levoit Aero Cordless Vacuum Review: Self-Emptying Base
Tech News
Eurozone private sector logs strongest growth in over two years
Business
Job growth: Which European regions are rising fastest?
World News
Shock at $100,000 fee to contest Guinea elections to replace junta
World News
Discussions begin in La Alma Lincoln Park on Broncos’ proposed Burnham Yard stadium
Business
JPMorgan Chase to start accepting Bitcoin, Ethereum as loan collateral: report
Crypto

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

Ripple CTO Schwartz Revisits NSA Past And Satoshi Speculation

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
Ripple CTO Schwartz Revisits NSA Past And Satoshi Speculation
October 24, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?