2025-07-18T15:30:00.0000000Z

A critical zero-day vulnerability has been identified in Crush. While there are currently no indications that this vulnerability has been exploited, we are taking proactive steps to protect your data by disabling the Web Portal.

• SFTP access and automated jobs remain unaffected at this time.

• We will begin patching at 6:00 PM EST on July 18, 2025.

• During this maintenance, all Crush services — including SFTP and automated jobs — will be unavailable for approximately 1 hour.

We will restore all services as soon as the update is successfully applied.

2025-07-18T21:03:00.0000000Z

As the security of your data is our top priority, our dedicated security team and 24/7 monitoring tools continuously safeguard our servers against potential threats. In addition to our normal security procedures, we have engaged directly with CrushFTP Support. Based on the indicators of compromise provided by CrushFTP, we have thoroughly reviewed this server and have found no evidence that the server was compromised or that any data was impacted in any way.

The Trimble Transportation Cloud Services Operations Team will be applying the security patch at 6:00 PM EST on July 18, 2025. During this maintenance window, all CrushFTP services — including the Web Portal, SFTP access, and automated jobs — will be unavailable.

We expect to have all CrushFTP services fully restored by 7:00 PM EST.

We will continue to monitor and work closely with CrushFTP to ensure your data remains secure.

2025-07-18T21:45:00.0000000Z

The Trimble Transportation Cloud Services Operations Team will be applying the security patch in 15 minutes, at 6:00 PM EST on July 18, 2025. During this maintenance window, all CrushFTP services — including the Web Portal, SFTP access, and automated jobs — will be unavailable.

We expect to have all CrushFTP services fully restored by 7:00 PM EST.