A new vulnerability in Cl0p’s Python data-exfiltration utility could allow attackers to execute remote commands and potentially attack the group’s infrastructure. This flaw, due to improper input validation, remains unpatched and poses a risk of internal disruption or sabotage.
Key points
- A severe vulnerability (GCVE-1-2025-0002) was discovered in Cl0p’s data-exfiltration tool, rated 8.9 on the CVSS scale.
- The flaw stems from improper input validation, allowing potential remote command execution.
- Cl0p’s operators are unlikely to fix the vulnerability, exposing their infrastructure to threats.
- The exploited utility played a key role in Cl0p’s MOVEit lateral movement campaigns in 2023-2024.
- This flaw could enable rival groups or security researchers to sabotage or intercept Cl0p’s operations.
Read More: https://gbhackers.com/cl0p-ransomwares-exfiltration-process-exposes-rce-vulnerability/