Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks www.theregister.com/2025/07/0…

According to CIRCL’s summary: “An authenticated endpoint on the Cl0p operators' staging/collection host passes file- or directory-names received from compromised machines straight into a shell-escape sequence.”

Alexandre Dulaunoy, head of CIRCL, said he doesn’t expect the team that developed the data exfiltration tool to take any corrective action to fix the vulnerability.

Cl0p’s rivals, or other attackers, could feasibly exploit this vulnerability to disrupt the cybercrime group’s operations or even steal its data, all while using its own bespoke tool for stealing files from its targets.
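The bug class CIRCL's summary describes, a file name from an untrusted machine reaching a shell command line, is shown here as an added generic illustration; it is not code from the Cl0p tool or from CIRCL. The function names, the `echo` command and the sample file name are all constructed for this example.

```python
import shlex
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed sample: a file name as an untrusted remote host might report it.
HOSTILE_NAME = "notes.txt; echo injected > marker.txt"


def unsafe_command(name: str) -> str:
    """Vulnerable pattern: the name is pasted into a shell command line."""
    return f"echo archiving {name}"


def quoted_command(name: str) -> str:
    """If a shell cannot be avoided, quote the name so it stays one word."""
    return f"echo archiving {shlex.quote(name)}"


def safe_argv(name: str) -> list[str]:
    """Preferred fix: no shell at all; the name is a single argv element."""
    script = "import sys; print('archiving', sys.argv[1])"
    return [sys.executable, "-c", script, name]


def marker_created(command, use_shell: bool) -> bool:
    """Run the command in a fresh directory and report whether the
    command embedded in the file name was executed (marker.txt exists)."""
    with tempfile.TemporaryDirectory() as workdir:
        subprocess.run(command, shell=use_shell, cwd=workdir,
                       capture_output=True, text=True, check=False)
        return (Path(workdir) / "marker.txt").exists()


def demo() -> dict[str, bool]:
    """True means the shell treated part of the file name as a command."""
    return {
        "unsafe": marker_created(unsafe_command(HOSTILE_NAME), True),
        "quoted": marker_created(quoted_command(HOSTILE_NAME), True),
        "argv": marker_created(safe_argv(HOSTILE_NAME), False),
    }


if __name__ == "__main__":
    for variant, injected in demo().items():
        print(f"{variant:7} embedded command ran: {injected}")
```

Only the first variant lets the shell interpret the `;` inside the name; in the other two the whole string is handled as data.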
