: They release public patches for critical vulnerabilities and private patches for specific customer needs. Release Notes : Vulnerability fixes, such as the recent patching of CVE-2025-15467 (OpenSSL upgrade), are documented in their official EFT Release Notes White Papers & Guides
If immediate patching is not possible, disabling the Terms of Service module in the EFT administration interface can mitigate the specific attack vector. globalscape terms patched
→ You must update your build first before applying. : They release public patches for critical vulnerabilities
Versions such as 8.1.0.9 expanded REST API endpoints, allowing for programmatic GET/PATCH operations on templates and connection profiles. Patching Policies and Lifecycle Versions such as 8
Subsequent patches did not merely fix the specific lines of code allowing RCE; they also hardened the environment. Globalscape introduced stricter AppLocker-like restrictions to limit where the EFT service could execute binaries. This "defense in depth" approach ensures that even if a deserialization flaw exists, the attacker cannot easily execute their payload.