Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild.
"CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday.

attacks can critical critical update crushftp discovery download enterprise escape exploitation exploited file files file transfer flaw in the wild latest security security flaw software system targeted attacks transfer under update version vulnerability zero-day zero-day flaw