A new zero-day vulnerability in CrushFTP servers, CVE-2025-54309, is actively exploited by cybercriminals, especially targeting outdated versions. Organizations that fail to apply updates are at risk of unauthorized access and system compromise. #CrushFTP #ZeroDayVulnerability
Keypoints
- The vulnerability CVE-2025-54309 affects CrushFTP versions below 10.8.5 and 11.3.4_23.
- Attackers exploit the flaw via HTTP and HTTPS protocols to infiltrate servers.
- Indicators of compromise include unusual XML file modifications and unexpected admin accounts.
- Organizations are advised to restore backups created before July 16, 2025, or delete affected user profiles.
- Preventive measures include IP whitelisting, automatic updates, and deploying a CrushFTP proxy in enterprise networks.
Read More: https://thecyberexpress.com/crushftp-zero-day-flaw-cve-2025-54309/