Security News > 2024 > April > CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)
2024-04-23 09:50
A vulnerability in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike.
According to Censys, there are currently 9,600+ publicly-exposed CrushFTP hosts, mostly in North America and Europe.
CrushFTP sent out notices about CVE-2024-4040 to customers on Friday.
Customers still running CrushFTP v9 should upgrade to version v11.1.0.
Customers using a DMZ in front of their main CrushFTP instance are only partially protected.
These attacks against CrushFTP hosts seem to be reconnaissance efforts.
News URL
https://www.helpnetsecurity.com/2024/04/23/cve-2024-4040/
Related news
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
- Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-22 | CVE-2024-4040 | Code Injection vulnerability in Crushftp A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | 10.0 |