CrushFTP password reset vulnerability leads to account takeover
CVE-2024-53552
Currently unrated
What is CVE-2024-53552?
CrushFTP versions 10 before 10.8.3 and 11 before 11.2.3 improperly handle password reset functionality, which could lead to unauthorized account access. An attacker who exploits this weakness in the password reset process could take over user accounts. Organizations using the affected versions of CrushFTP should apply the recommended updates to mitigate the risk of compromise.