Security Advisory

CrushFTP Security Update Advisory (CVE-2024-53552)

  • Dec 26 2024

Overview

 

We have released a security update to address a vulnerability in CrushFTP. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

 

CVE-2024-53552

  • CrushFTP 10 Versions (prior to 10.8.3)
  • CrushFTP 11 versions (prior to 11.2.3)

 

 

Resolved Vulnerabilities

 

Password reset email vulnerability (CVE-2024-53552) that could lead to account compromise when a user clicks a link

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

 

CVE-2024-53552

  • CrushFTP 10.8.3 or later
  • CrushFTP 11.2.3 or later

 

 

References

 

[1] CVE-2024-53552 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-53552

[2] CrushFTP

https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update

Tags:

Previous Post

Next Post