CrushFTP zero-day alert – patch now

[oceanstack]

Heads up—there’s a zero-day in CrushFTP that’s being actively exploited. If you’re not using their DMZ proxy setup, attackers can remotely grab admin access via HTTPS. Versions before 10.8.5 and 11.3.4_23 are affected.

Already being used in the wild since mid-July. Patch ASAP and check your logs!

[biglyburrito]

If you're going to post about a zero-day, don't post without a link to a source where details are available.

[sejje]

Disagree. I mean that's nice, but now that I know about the zero day, I can find the link to a source myself in about 10 seconds.

[KomoD]

https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Compromis...

[LargoLasskhyfv]

Hrr...Enterprise Grade...Java...Pricing...