Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2024-4040
PUBLISHEDUnauthenticated arbitrary file read and remote code execution in CrushFTP
- Vendor
- CrushFTP
- Product
- CrushFTP
- Published
- Apr 22, 2024
- EPSS
- —
Description
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- total
References
- https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
- https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
- https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/
- https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/
- https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/
- https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/
- https://github.com/airbus-cert/CVE-2024-4040
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Apr 24, 2024 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-4040.yaml | Apr 25, 2025 |
| Nessus | https://www.tenable.com/plugins/nessus/193917 | Apr 26, 2024 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-05-03 23:29:53 UTC · 8 stars
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
github · Created 2024-05-01 14:42:39 UTC · 3 stars
github · Created 2024-04-30 13:27:34 UTC · 3 stars
Exploit CrushFTP CVE-2024-4040
github · Created 2024-04-25 19:51:38 UTC · 57 stars
CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support
github · Created 2024-04-25 04:45:38 UTC · 13 stars
github · Created 2024-04-23 09:31:29 UTC · 47 stars
Scanner for CVE-2024-4040
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nessus
-
Proof of Concept Exploit Available
-
Detected by Nuclei