The initial security hole is tracked as CVE-2024-50623, but Cleo is working on assigning a new CVE. The vulnerability allows unauthenticated attackers to conduct unrestricted file uploads and downloads, and exploitation can lead to remote code execution. Security firms such as Huntress, Rapid7 and Sophos have reported seeing in-the-wild exploitation against enterprises, including in the retail, food, and shipping industries. Cleo has been scrambling to release patches since the news of exploitation broke and late on Wednesday the company announced the release of Harmony, VLTrader, and LexiCom version 5.8.0.24, which should patch the vulnerability.