Exploitation of Cleo file transfer software vulnerabilities reported
/ 1 min read
🔍 Widespread exploitation of Cleo file transfer software raises security concerns. Security firms have reported active exploitation of vulnerabilities in Cleo’s file transfer products, including Cleo VLTrader, Cleo Harmony, and Cleo LexiCom, due to an insufficient patch for CVE-2024-50623. This vulnerability allows for unauthenticated remote code execution, posing significant risks to users. Despite Cleo’s previous claims that version 5.8.0.21 resolved the issue, it remains vulnerable, prompting the company to issue a new advisory. Security experts recommend that affected customers remove these products from public access and disable certain features to mitigate risks. Investigations into post-exploitation activities are ongoing, with recommendations for users to review their systems for suspicious activity dating back to early December.
