Citrix and Progress Software: URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

Citrix and Progress Software: URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

Progress Software Orders Emergency Shutdown of ShareFile Storage Zone Controllers Amid Security Threat

Progress Software has instructed customers to immediately take offline all Windows servers running ShareFile Storage Zone Controllers, citing a "credible external security threat." The company disabled access to affected accounts as a precautionary measure while collaborating with internal and external security experts to investigate the incident.

The disruption came to light on July 10 after a customer shared Progress’s advisory on Reddit’s r/sysadmin. Progress later confirmed the issue on its status page, marking Storage Zone Controllers as "not operational" and the incident as under active investigation. The company has not disclosed the nature of the threat, its origin, or whether any data has been compromised though it stated there is no evidence of unauthorized access to ShareFile accounts or cloud-stored data.

The Storage Zone Controller, a self-hosted component that allows organizations to retain files on their own infrastructure while using ShareFile’s cloud for management, is the sole affected system. Unlike standard cloud-only ShareFile accounts, these controllers are typically exposed to the internet, increasing their vulnerability. Progress’s decision to mandate a full shutdown rather than issuing a patch suggests the threat may involve an unpatched zero-day flaw, stolen credentials, or an issue within Progress’s own systems.

Customers are advised to keep controllers offline until further notice and verify they are running ShareFile Storage Zones Controller version 5.12.4 or later (5.x line) or any 6.x release, which address previously disclosed vulnerabilities. However, Progress has not confirmed whether these updates mitigate the current threat. Organizations with internet-exposed controllers should treat the situation as a potential incident, preserve logs, and scan for unauthorized .aspx files in web directories and storage paths.

This is not the first time the Storage Zone Controller has been targeted. In 2023, while under Citrix’s ownership, attackers exploited CVE-2023-24489, an unauthenticated flaw in the same component. The vulnerability was actively exploited, prompting Citrix to sever unpatched controllers from the ShareFile cloud a step Progress has now replicated. Progress itself faced a major breach last year via the MOVEit file-transfer zero-day, which the Clop ransomware group leveraged to compromise over 2,700 organizations.

As of now, Progress has not provided a timeline for resolution or details on the threat’s specifics, leaving customers in limbo regarding when they can safely restore operations.

Source: https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html

Citrix cybersecurity rating report: https://www.rankiteo.com/company/citrix

Progress Software cybersecurity rating report: https://www.rankiteo.com/company/progress-software

"id": "CITPRO1783931784",
"linkid": "citrix, progress-software",
"type": "Vulnerability",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Customers using ShareFile '
                                              'Storage Zone Controllers',
                        'industry': 'Software',
                        'name': 'Progress Software',
                        'type': 'Company'}],
 'attack_vector': 'Internet-exposed Storage Zone Controllers',
 'customer_advisories': 'Customers using ShareFile Storage Zone Controllers '
                        'must shut down affected systems and verify software '
                        'versions.',
 'data_breach': {'file_types_exposed': '.aspx files'},
 'date_detected': '2024-07-10',
 'date_publicly_disclosed': '2024-07-10',
 'description': 'Progress Software has instructed customers to immediately '
                'take offline all Windows servers running ShareFile Storage '
                "Zone Controllers, citing a 'credible external security "
                "threat.' The company disabled access to affected accounts as "
                'a precautionary measure while collaborating with internal and '
                'external security experts to investigate the incident. The '
                'disruption was first reported on July 10, and Progress '
                'confirmed the issue on its status page, marking Storage Zone '
                "Controllers as 'not operational.' The nature of the threat, "
                'its origin, and whether any data has been compromised remain '
                'undisclosed, though there is no evidence of unauthorized '
                'access to ShareFile accounts or cloud-stored data.',
 'impact': {'downtime': 'Not operational',
            'operational_impact': 'Mandated shutdown of affected systems',
            'systems_affected': 'ShareFile Storage Zone Controllers'},
 'investigation_status': 'Active investigation',
 'recommendations': 'Keep Storage Zone Controllers offline until further '
                    'notice, verify software versions, preserve logs, and scan '
                    'for unauthorized .aspx files.',
 'references': [{'date_accessed': '2024-07-10',
                 'source': 'Reddit (r/sysadmin)'},
                {'date_accessed': '2024-07-10',
                 'source': 'Progress Software Status Page'}],
 'response': {'communication_strategy': 'Advisory on Reddit and company status '
                                        'page',
              'containment_measures': 'Disabled access to affected accounts, '
                                      'mandated shutdown of Storage Zone '
                                      'Controllers',
              'enhanced_monitoring': 'Preserve logs and scan for unauthorized '
                                     '.aspx files',
              'incident_response_plan_activated': 'Yes',
              'remediation_measures': 'Advised customers to verify software '
                                      'versions (5.12.4 or later, or any 6.x '
                                      'release)',
              'third_party_assistance': 'Internal and external security '
                                        'experts'},
 'stakeholder_advisories': 'Customers advised to take Storage Zone Controllers '
                           'offline and follow security recommendations.',
 'title': 'Progress Software Orders Emergency Shutdown of ShareFile Storage '
          'Zone Controllers Amid Security Threat',
 'type': 'Security Threat'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.