CVE-2024-53552
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Dec 10, 2024
Updated: Dec 11, 2024
CWE ID 640
Summary
CVE-2024-53552 is a vulnerability affecting CrushFTP versions 10 before 10.8.3 and 11 before 11.2.3. Malicious actors can exploit this issue by manipulating the password reset functionality, resulting in account takeover without proper authorization. This vulnerability poses a significant risk to organizations using CrushFTP and highlights the importance of applying the necessary security updates to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share