Critical Security Advisory
A critical security issue has been identified in Cerberus FTP Server. We urge customers to download version 12.7.4 and upgrade as soon as possible.
- All editions (Enterprise, Professional, Standard) of Cerberus FTP Server are affected.
- HTTP(S) and HTTP(S) Admin listeners are affected by this vulnerability.
Other file transfer protocols (FTP, FTPS, SFTP, SCP) are not affected.
Known Affected Versions
- Versions 12.7.0, 12.7.1, 12.7.2, and 12.7.3
Version 12.6.0 and earlier are not affected.
Version 11.3.5 and earlier are not affected.
To fix this issue:
If upgrading cannot be done in a timely manner, administrators may mitigate the issue by:
- Disabling all HTTP(S) listeners. Disabling HTTP(S) Admin listeners or limiting access to trusted IPs.
- Downgrading to Cerberus FTP Server version 12.6.0