Skip to main content

Progress Software Addresses a Security Threat to ShareFile Storage Zone Controllers

Progress Software urgers customers to manually shut down Windows servers hosting Storage Zone Controllers

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Progress Software urgers customers to manually shut down Windows servers hosting Storage Zone Controllers


Threat details

Introduction

Progress Software has issued an urgent security warning to ShareFile (formerly known as Citrix ShareFile) customers using Storage Zone Controllers in response to a credible external security threat targeting the on-premises file-sharing platform. At this time, Progress states that it has found no evidence of unauthorised access to ShareFile accounts or customer data. However, as a precautionary measure, it has temporarily disabled access to affected ShareFile accounts while it works with internal and external cybersecurity experts to investigate the threat.


Remediation advice

Affected organisations are encouraged to review Progress ShareFile's Urgent Security Warning and apply following remediation steps as soon as possible.


Remediation steps

Type Step
Action

Manually shut down Windows servers hosting Storage Zone Controllers. Keep them offline until Progress provides further guidance on when it is safe to restart.


Action

Verify that your deployment is running Storage Zone Controller version 5.12.4 or later on the 5.x branch, or a supported 6.x release. While this addresses vulnerabilities disclosed earlier this year, Progress has not confirmed that upgrading alone mitigates the current threat and organisations should not treat this as approval to restart affected systems.


Action

If a Storage Zone Controller is or has been accessible from the internet, treat the situation as a potential security incident. Preserve relevant logs, initiate your incident response procedures, and investigate for signs of compromise y reviewing web directories and storage locations for unfamiliar or unauthorised .aspx files or other unexpected artefacts. 



Last edited: 13 July 2026 12:45 pm