CVE-2024-53552

9.8 CRITICAL

📋 TL;DR

This vulnerability in CrushFTP allows attackers to bypass password reset mechanisms, potentially leading to complete account takeover. It affects CrushFTP 10 versions before 10.8.3 and CrushFTP 11 versions before 11.2.3. Organizations using vulnerable versions of this file transfer software are at risk.

💻 Affected Systems

Products:
  • CrushFTP
Versions: CrushFTP 10 before 10.8.3, CrushFTP 11 before 11.2.3
Operating Systems: All platforms running CrushFTP
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to CrushFTP servers, allowing them to steal sensitive files, modify or delete data, and potentially pivot to other systems.

🟠 Likely Case

Unauthorized access to user accounts leading to data exfiltration, privilege escalation, and disruption of file transfer operations.

🟢 If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

While no public PoC exists, the high CVSS score and authentication bypass nature make weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: CrushFTP 10.8.3 or 11.2.3

Vendor Advisory: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update

Restart Required: Yes

Instructions:

1. Download the latest version from the CrushFTP website.
2. Back up your current installation.
3. Stop the CrushFTP service.
4. Install the update.
5. Restart the CrushFTP service.

🔧 Temporary Workarounds

Disable password reset functionality (scope: all)

Temporarily disable password reset features until patching can be completed.

🧯 If You Can't Patch

  • Implement network segmentation to isolate CrushFTP servers
  • Enable multi-factor authentication for all user accounts

🔍 How to Verify

Check if Vulnerable:

Check CrushFTP version in admin interface or via system logs

Check Version:

Check CrushFTP admin panel or server logs for version information

Verify Fix Applied:

Verify version is 10.8.3 or higher for v10, or 11.2.3 or higher for v11
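The version check above has two separate fixed thresholds, one per major release, so a plain "newer than X" comparison is not enough. The following is an added example (not from this advisory or from CrushFTP) that pulls a three-component version out of a banner or log line and compares it against the fixed version for the matching major; the banner strings in it are constructed for illustration, and a major release outside 10 or 11 is reported as "not covered" rather than guessed.

```python
import re
from typing import Optional, Tuple

# First fixed release per major, as stated in the advisory.
FIXED_VERSIONS = {
    10: (10, 8, 3),
    11: (11, 2, 3),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract the first major.minor.patch triple from a banner or log line.

    Trailing build tags (e.g. "11.2.3_something") are ignored; anything
    without a three-part version raises ValueError.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no major.minor.patch version found in: {text!r}")
    return tuple(int(part) for part in match.groups())  # type: ignore[return-value]


def is_vulnerable(text: str) -> Optional[bool]:
    """Return True if the version is below the fix for its major release,
    False if it is at or above the fix, and None if the major release is
    not one the advisory covers (so no conclusion is drawn)."""
    version = parse_version(text)
    fixed = FIXED_VERSIONS.get(version[0])
    if fixed is None:
        return None
    return version < fixed


if __name__ == "__main__":
    # Constructed sample banners, not real CrushFTP output.
    samples = [
        "CrushFTP Version 10.8.2",
        "CrushFTP Version 10.8.3",
        "server_version=11.2.1",
        "server_version=11.2.3_build42",
        "CrushFTP Version 9.5.0",
    ]
    for banner in samples:
        status = is_vulnerable(banner)
        label = {True: "VULNERABLE", False: "fixed", None: "not covered by advisory"}[status]
        print(f"{banner:40s} -> {label}")
```

Run it over the version string you collected from the admin panel or server logs; a `None` result means the major release is outside the advisory's scope and needs to be checked separately rather than assumed safe.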

📡 Detection & Monitoring

Log Indicators:

  • Unusual password reset attempts
  • Account access from unexpected locations
  • Multiple failed login attempts followed by successful reset

Network Indicators:

  • Unusual traffic patterns to password reset endpoints
  • Authentication requests from unexpected IP ranges

SIEM Query:

source="crushftp.log" AND ("password reset" OR "account recovery") AND status="success"
