Progress Software has issued a directive to its ShareFile customers, urging them to deactivate their Storage Zone Controllers in response to a significant security risk. The company confirmed to The Hacker News that this measure was taken as a precautionary step while collaborating with security specialists.
Immediate Action and Investigation
As a precautionary measure, Progress has temporarily suspended access to the impacted accounts to ensure user safety. Despite no current evidence of unauthorized access to ShareFile accounts or data, the company began notifying customers promptly after identifying the threat. The specific nature of the threat and its source remain undisclosed.
This precautionary order surfaced when a customer shared the company’s communication on Reddit’s r/sysadmin forum on July 10. Progress corroborated the service disruption on its status page, categorizing Storage Zone Controller accounts as “non-operational” and indicating that an investigation is underway as of the 12:12 p.m. EDT update.
Scope and Implications of the Threat
The security concern exclusively affects Storage Zone Controllers, not standard cloud-only ShareFile accounts. These controllers enable companies to maintain their data on-site while utilizing ShareFile’s cloud for sharing and management. Typically positioned at the network’s edge, these controllers’ internet accessibility makes them both advantageous and vulnerable.
Progress’s instruction to fully disable these controllers instead of merely applying a patch suggests the absence of an immediate fix. This scenario often indicates a newly discovered vulnerability that the company is urgently working to resolve, or it may involve issues such as compromised keys or internal security flaws.
Guidance and Historical Context
Users are advised to adhere strictly to the shutdown directive until Progress provides further information about the threat and confirms when it’s safe to reconnect. It’s crucial to verify that your system is updated to version 5.12.4 or a later release, although this does not guarantee immunity from the current threat.
In case the controller is exposed to the internet, treat it as a potential security incident. Preserve logs, initiate your incident-response protocols, and examine for any unexpected .aspx files within web folders and storage paths.
The ShareFile Storage Zone Controller has faced similar challenges before. In 2023, while under Citrix’s ownership, a flaw (CVE-2023-24489) was exploited, leading CISA to identify it as actively exploited and resulting in Citrix severing unpatched controllers from the ShareFile cloud. Following its acquisition of ShareFile in 2024, Progress has navigated other significant security incidents, including the MOVEit data breach.
Progress continues to work with external experts to resolve the current issue, though the exact nature of the threat and the timeline for resolution remain unclear.
