vulnerability
CrushFTP: CVE-2024-4040: VFS Sandbox Escape in CrushFTP
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Apr 22, 2024 | Apr 24, 2024 | Apr 2, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Apr 22, 2024
Added
Apr 24, 2024
Modified
Apr 2, 2025
Description
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.
Solution
crushftp-cve-2024-4040

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.