Hertz Data Breach 2025: Cleo Vulnerability Exposes Sensitive Customer Information

Apr 22, 2025

In early 2025, Hertz Corporation disclosed a significant data breach resulting from vulnerabilities in Cleo's file-transfer software. The breach, which occurred between October and December 2024, led to unauthorized access to sensitive customer data.

Key Facts

  • Breach Period: October–December 2024

  • Discovery Date: February 10, 2025

  • Data Analysis Completion: April 2, 2025

  • Affected Individuals: Over 3,400 residents in Maine; total number not disclosed

  • Compromised Data: Names, contact details, birth dates, credit card info, driver's license numbers, and in some cases, Social Security and passport numbers

  • Hertz's Network Status: No evidence of compromise

  • Regulatory Actions: Incident reported to law enforcement and regulatory authorities

  • Financial Impact: No immediate material effect; 2024 revenue stood at $9 billion

Technical Details

The breach exploited two critical vulnerabilities in Cleo's file-transfer products:

  • CVE-2024-50623: An unrestricted file upload and download vulnerability

  • CVE-2024-55956: Allows unauthenticated users to execute arbitrary bash or PowerShell commands

These vulnerabilities were part of a broader exploitation campaign attributed to the Clop ransomware group, which had previously targeted similar file-transfer systems.

Broader Context

Hertz is among several organizations affected by the Cleo software vulnerabilities. Other companies, such as WK Kellogg and Sam's Club, have also reported incidents linked to the same flaws. The Clop ransomware group, known for its extensive cyberattack campaigns, has listed Hertz on its leak site, although it's unclear if any ransom demands were made.

Implications

This incident underscores the risks associated with third-party software vulnerabilities, especially in widely used file-transfer systems. Organizations are advised to:

  • Regularly update and patch third-party software

  • Monitor for unusual activity in file-transfer systems

  • Implement robust incident response plans

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.
