Cybersecurity firm Huntress notes that the patch does not address the vulnerability in Cleo software.

Hackers are reportedly actively exploiting another high-risk vulnerability in Cleo’s software, according to researchers at cybersecurity firm Huntress. The vulnerability is tracked as CVE-2024-50623 and affects a popular Cleo software that companies use to transfer files.

Patch doesn’t help

Cleo first disclosed this vulnerability in a security alert on October 30th. The company previously warned that the exploitation could result in code being executed remotely. This vulnerability affects Cleo’s LexiCom, VLTransfer and Harmony tools. The company has released a patch for this.

However, cybersecurity firm Huntress warned that the patch did not fix the problem and that it had observed “massive abuse of the software by threat actors” since December 3. Security researcher John Hammond said in a statement to TechCrunch: “Cleo protects more than 1,700 LexiCom, VLTransfer and Harmony servers – and has discovered at least 24 companies whose servers have been compromised.”

Currently, affected companies vary widely, ranging from consumer products to logistics and shipping organizations to food suppliers, according to Huntress’ blog. Other customers are also at risk of being hacked.

The threat actor behind these attacks is not yet known. Huntress advises customers to place all Internet-facing systems behind a firewall until Cleo releases a new, working patch.