Urgent Alert: Patch Your CrushFTP Now to Fix Critical Unauthenticated Access Vulnerability!

Admin

CrushFTP has alerted its users about a serious security issue. A vulnerability allows hackers to access unsecured servers over HTTP(S), and the company is urging everyone to update their systems right away.

In an email shared with customers, CrushFTP explained that all versions of CrushFTP v11 are affected but suggested that the DMZ feature can help mitigate the risk for those who can’t update immediately. According to the company’s warning, an exposed HTTP(S) port could lead to unauthorized access. A full patch for the vulnerability was sent out on March 21st, 2025.

Interestingly, cybersecurity firm Rapid7 has noted that both CrushFTP v10 and v11 are at risk, even though CrushFTP initially indicated only v11 was affected. This has raised some concerns regarding the company’s communication on the patch severity and coverage.

A survey using Shodan’s data revealed that over 3,400 CrushFTP servers are currently exposed online, making them easy targets for attackers. However, there is no clear information on how many users have already patched their systems.

This isn’t the first time CrushFTP has dealt with vulnerabilities. In April 2024, the company addressed a zero-day vulnerability that let attackers access sensitive system files. CrowdStrike pointed out that this issue seemed to be related to politically motivated cyber-espionage efforts against U.S. organizations.

In recent years, there has been a noticeable rise in cyberattacks targeting file transfer services like CrushFTP. These platforms have become prime targets for ransomware groups, particularly after incidents involving well-known vulnerabilities in other software like MOVEit and GoAnywhere MFT.

With the increasing frequency of these threats, it’s vital for organizations using file transfer solutions to stay up to date on security patches and maintain robust defensive measures. Authorities like the Cybersecurity and Infrastructure Security Agency (CISA) have taken these vulnerabilities seriously, adding them to their list of known exploited vulnerabilities to ensure that U.S. federal agencies act swiftly.

CrushFTP users need to be vigilant as attackers are constantly evolving their tactics. Keeping software updated and applying security patches should be a top priority for all users. For further insights on securing IT environments, check out this CISA report on known vulnerabilities.
