Security News > 2023 > October > Exploit available for critical WS_FTP bug exploited in attacks
Over the weekend, security researchers released a proof-of-concept exploit for a maximum severity remote code execution vulnerability in Progress Software's WS FTP Server file sharing platform.
"This vulnerability turned out to be relatively straight forward and represented a typical.NET deserialization issue that led to RCE. It's surprising that this bug has stayed alive for so long, with the vendor stating that most versions of WS FTP are vulnerable," Assetnote said.
"We have addressed the vulnerabilities above and the Progress WS FTP team strongly recommends performing an upgrade," Progress warned at the time.
Progress warns of maximum severity WS FTP Server vulnerability.
Exploit released for critical VMware SSH auth bypass vulnerability.
Exploit released for Ivanti Sentry bug abused as zero-day in attacks.
News URL
Related news
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)
- How cybercriminals exploit psychological triggers in social engineering attacks (source)
- Apache Parquet exploit tool detect servers vulnerable to critical flaw (source)
- China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide (source)