The Perils of FTP: Why Legacy File Transfer is Not Safe
FTP was once a go-to transfer protocol. ‘Simple,’ ubiquitous, but for modern transfer of intellectual content and data it is perilous for businesses. It’s a bit of a broken record, but once again, FTP is in the news for a series of alarming vulnerabilities demonstrating that tired, legacy approaches simply can’t keep pace with modern threats.
Cleo VLTrader Breach (July 2025)
A major healthcare data breach illustrates how FTP-adjacent tools can leave sensitive digital assets exposed. In July 2025, Cierant revealed that vulnerabilities in Cleo’s VLTrader solutions allowed attackers to execute remote code — enabling a breach that potentially impacted 233,000 individuals, exposing personal data, medical file details, and health plan information.
CrushFTP Zero-Day Flaw (July 2025)
In another recent incident, CrushFTP was found to contain a dangerous zero-day vulnerability. Revealed in mid-July 2025, this flaw allowed remote attackers to gain admin access via a misused HTTPS channel, bypassing standard validation mechanisms.
Alarmingly, attackers were manipulating the CrushFTP UI to display false, patched version numbers — creating a false sense of security.
Wing FTP Remote Code Execution (June 2025)
Perhaps most concerning is the RCE vulnerability in Wing FTP Server disclosed in June 2025. This critical bug arose from improper handling of null bytes in usernames, allowing attackers to inject and execute code on affected systems. At least 8,000 global servers were vulnerable.
Why FTP (and FTP-like Tools) are Under Siege
These recent breaches aren’t isolated. They reveal systematic issues that make FTP and FTP-adjacent tools inherently risky in modern environments.
- Fragile, Outdated Protocol Foundations: FTP was never designed with today’s cyber threat landscape in mind. Even with ‘secure’ variants like SFTP, the underlying architecture lacks:
- Sandboxing to isolate sessions
- Integrity checks to detect tampering
- Privileged separation to prevent escalation
- Modern authentication and access control
- Credential Risk: Once breached, FTP servers often open pathways for lateral movement deep into enterprise networks.
- Admin burden: Keeping FTP patched and secure falls on IT teams, a never-ending race against rapid weaponization of new exploits.
It’s clear: relying on outdated FTP is no longer viable in today’s threat environment.
Signiant: The Secure, Smart FTP Alternative

For organizations, especially in media and content-driven industries, secure file transfer isn’t just about protecting data; it’s about protecting your business, your intellectual property, and your reputation. Smart modern security practices and tools help avoid costly breaches, business or project disruptions, and ensure media gets to where it needs to go without disruption.
Signiant offers a smarter, modern FTP alternative that’s purpose-built for fast, safe, and secure file transfer.
- Enterprise-grade security and compliance: Studios, broadcasters, and content owners are increasingly requiring partners to meet strict compliance standards that FTP simply cannot meet. The Signiant Platform carries SOC 2 Type 2 compliance and has earned prestigious TPN Gold Shield assessments, reflecting rigorous independent evaluation.
- SSO/SAML: FTP accounts often remain active far too long when people come and go, including freelancers, contractors, agency partners. Signiant integrates with enterprise identity providers via Single Sign-On (SSO) and SAML, ensuring that only authenticated, authorized users can access specific content to align with centralized IT security policies.
- Granular Access Controls: When teams are working with pre-released content, embargoed footage, or region-specific versions, over-permissions can lead to accidental leaks or compliance issues. Signiant enables precise, user-level control over who can access specific files or folders, with customizable expiration dates, permissions, and role-based access.
- Chain of Custody Tracking: Disputes over leaks, missed deadlines, or lost assets can become costly battles of legality and fault. Signiant provides logs of user actions and transfer histories for accountability and security.
- Flexibility in deployment: Many security breaches happen when users circumvent slow, unreliable, or clunky systems like FTP or consumer tools, like Dropbox Signiant eliminates the need for multiple file transfer solutions, eliminating unsanctioned tools and shadow workflows that often arise when teams get frustrated with legacy systems.
“We had suffered through the years with FTP. We look back with horror and see just how easy it is right now. Sometimes the grass is actually greener on the other side.“
— Jóhannes Reykdal, MCR Playout and Media Services Group, RÚV Iceland
A Smarter Path Forward
If you’re still relying on FTP for media, production workflows, remote teams, or large file exchanges with partners, it’s time to upgrade your defenses. The smarter, safer path forward is Signiant.