Full Report
Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it says it took "out of an abundance of caution" while it works with internal and external security
Analysis Summary
# Vulnerability: Urgent Progress ShareFile Storage Zone Controller Security Threat
## CVE Details
- **CVE ID**: Not yet assigned (Currently identified as a "credible external security threat")
- **CVSS Score**: N/A (Likely Critical based on remediation urgency)
- **CWE**: Unknown (Zero-day suspected)
## Affected Systems
- **Products**: Progress ShareFile Storage Zone Controller (Windows-based)
- **Versions**: All versions; specifically noted vulnerabilities in versions prior to 5.12.4 and 6.x.
- **Configurations**: On-premises Storage Zone Controllers exposed to the internet. (Note: Cloud-only ShareFile accounts are **not** affected).
## Vulnerability Description
While technical details of the specific flaw have not been released by Progress Software, the incident involves a "credible external security threat." The urgency of the "shutdown" order implies a high-severity vulnerability—potentially an unauthenticated remote code execution (RCE) or authentication bypass—similar to those historically found in the product. The exploit target is the Storage Zone Controller, which resides at the network edge to manage private file storage while interfacing with the ShareFile cloud.
## Exploitation
- **Status**: Credible external threat reported; likely exploitation in the wild or immediate zero-day risk.
- **Complexity**: Low to Medium (based on historical exploits of this product).
- **Attack Vector**: Network (Internet-facing edge servers).
## Impact
- **Confidentiality**: High (Potential unauthorized access to managed storage).
- **Integrity**: High (Risk of unauthorized file manipulation or system compromise).
- **Availability**: High (Systems currently forced offline by vendor order).
## Remediation
### Patches
- **No current patch available** for this specific threat.
- Ensure systems are at least updated to **5.12.4** or **6.x** to address unrelated historical vulnerabilities, though these versions remain subject to the current shutdown order.
### Workarounds
- **Immediate Shutdown**: Shut down Windows servers running Storage Zone Controllers immediately.
- **Access Blocked**: Progress has temporarily disabled access to affected accounts "out of an abundance of caution."
- **Network Isolation**: Ensure these controllers are unreachable from the internet until further notice.
## Detection
- **Indicators of Compromise (IoC)**: Check for unfamiliar `.aspx` files in web folders and storage paths.
- **Detection Methods**:
- Review system and web server logs for unusual activity or unauthorized access attempts.
- Monitor for unexpected outbound connections from the Storage Zone Controller.
- Preserve all logs before shutting down for forensic analysis.
## References
- Progress ShareFile Status Page: hxxps[://]status[.]sharefile[.]com/
- Original Report: hxxps[://]thehackernews[.]com/2026/07/urgent-progress-tells-sharefile[.]html
- Reddit Community Alert: hxxps[://]www[.]reddit[.]com/r/sysadmin/comments/1usohco/psa_shutdown_your_sharefile_storage_zone/