Critical Security Advisory

A critical security issue has been identified in Cerberus FTP Server. We urge customers to download version 12.7.4 and upgrade as soon as possible.


  • All editions (Enterprise, Professional, Standard) of Cerberus FTP Server are affected.
  • HTTP(S) and HTTP(S) Admin listeners are affected by this vulnerability.

Other file transfer protocols (FTP, FTPS, SFTP, SCP) are not affected.

Known Affected Versions

  • Versions 12.7.0, 12.7.1, 12.7.2, and 12.7.3

Version 12.6.0 and earlier are not affected.
Version 11.3.5 and earlier are not affected.


To fix this issue:


If upgrading cannot be done in a timely manner, administrators may mitigate the issue by:

  • Disabling all HTTP(S) listeners. Disabling HTTP(S) Admin listeners or limiting access to trusted IPs.


  • Downgrading to Cerberus FTP Server version 12.6.0