More Than 1,400 CrushFTP Servers at Risk Due to Critical Bug

A critical vulnerability in 1,400+ exposed CrushFTP servers has sparked major security concerns. Identified as CVE-2024-4040, this flaw (previously exploited as a zero-day) allows unauthenticated attackers to remotely execute code or access files on vulnerable systems. 

CrushFTP urgently recommends updates to prevent exploitation that could compromise system files. Learn more about the flaw and how you can stay safe below.

Details About the Vulnerability

The security flaw was rated with critical severity by the vulnerability research team at Rapid7, who highlighted its potential for severe impact due to the simplicity of its exploitation. “This vulnerability is fully unauthenticated and trivially exploitable,” Rapid7 stated. 

They further elaborated that successful exploitation could lead to arbitrary file reading with root permissions, administrator account access without authentication, and comprehensive remote code execution.

Current Exposure and Impact

Security analysts from Shadowserver have pinpointed 1,401 CrushFTP servers that remain unpatched and exposed online, with the highest numbers located in the United States (725), Germany (115), and Canada (108). Moreover, a total of 5,232 CrushFTP servers are visible on the internet, though it remains unclear how many are susceptible to this vulnerability. 

CrushFTP Servers Exposed to Attacks (Source: Shadowserver)

In a recent report released by cybersecurity firm CrowdStrike, it was noted that the vulnerability has been actively exploited in targeted attacks against multiple U.S. organizations. These attacks seem to be politically motivated and focused on intelligence gathering. 

How to Stay Safe

To ensure security, CrushFTP users should visit the vendor’s website regularly for the most recent updates and prioritize installing patches to defend against these ongoing threats.

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-4040 to its Known Exploited Vulnerabilities catalog, mandating that U.S. federal agencies secure their servers by May 1st.

A similar call to action was issued in November when CrushFTP users were advised to address another critical RCE vulnerability (CVE-2023-43177), following the release of a proof-of-concept exploit by Converge security researchers.

Final Word

Update your CrushFTP servers promptly to mitigate this critical vulnerability and protect your systems from potential cyber threats. Stay vigilant and ensure your defenses are up to date!


Anas Hasan


April 26, 2024


Anas Hassan is a tech geek and cybersecurity enthusiast. He has vast experience in the digital transformation industry. When Anas isn’t blogging, he watches football games.
