Critical (CVSS 9.8) Current exposure: Over 1,800 public-facing EFT servers remain unpatched per Shodan scans (2025 data).
Run a discovery scan for any GlobalSCAPE EFT instance that has not received a security patch since 2022. Assume any such system is compromised and investigate accordingly. This report is for informational purposes. Conduct your own penetration testing and legal review for compliance requirements. globalscape digital risk
Digital risk emerges because many organizations continue to run standalone, unmonitored GlobalSCAPE EFT instances that were never migrated or properly hardened post-acquisition. 3.1 Unpatched Vulnerabilities (Technical Risk) GlobalSCAPE products have a documented history of critical flaws. The most notable is CVE-2019-12163 – a pre-authentication SQL injection in the EFT administration interface (port 8443 by default). This vulnerability allows remote attackers to bypass login, create admin users, and exfiltrate file repositories. Critical (CVSS 9