CVE-2023-43177

✓ Confirmed 0-Day

Triaged: March 5, 2026 2 articles

VulnLookup ↗ NVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-24

76.05%

probability

This CVE has a 76.05% probability of being exploited in the next 30 days.

0% Top 98.9th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-913 · Improper Control of Dynamically-Managed Code Resources

Exploits & PoC

the-emmons/CVE-2023-43177

CrushFTP <= 10.5.1 Remote Code Execution. Researchers: Ryan Emmons, Evan Malamis

1 repo — triés par ⭐ Rechercher sur GitHub ↗

CrushFTP warns users to patch exploited zero-day “immediately”

BleepingComputer Apr 19, 2024

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

TheHackerNews

Signal Intelligence

Confidenceⓘ

92%

EPSS 76.05%

Mentions 2

Last Seen Apr 19, 2024

CNA Information

Analyst Note

CVE-2023-43177 is explicitly labeled as an 'exploited zero-day' by CrushFTP vendor warning. The CVE was published 2023-11-17 with a critical CVSS 9.8 rating, and BleepingComputer reports active exploitation with urgent patching required. The vendor's explicit zero-day characterization combined with documented exploitation and patch availability timing supports confirmed classification.

Triage Info

Decided atMar 05, 2026