In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
https://www.securityweek.com/western-alliance-bank-discloses-data-breach-linked-to-cleo-hack/
https://hackread.com/ransomware-attacks-hit-record-high-in-february-2025/
https://www.theregister.com/2025/02/28/cisa_kev_list_ransomware/
https://www.theregister.com/2024/12/10/cleo_vulnerability/
https://therecord.media/multiple-cleo-file-transfer-products-exploited-by-hackers
https://thehackernews.com/2024/12/cleo-file-transfer-vulnerability-under.html
https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory