A critical security vulnerability in CrushFTP (CVE-2025-54309) is actively exploited in the wild, allowing remote attackers to gain admin access and potentially compromise sensitive data. Organizations using CrushFTP should implement recommended mitigations and monitor for signs of breach.
Key points
- The vulnerability CVE-2025-54309 affects CrushFTP versions prior to 10.8.5 and 11.3.4_23 and is actively exploited by hackers.
- The flaw stems from mishandled AS2 validation when the DMZ proxy feature is not used, enabling remote exploitation over HTTP(S).
- CrushFTP is widely used in sensitive environments like government, healthcare, and enterprise sectors, increasing the risk of data breaches.
- Threat actors reverse engineered source code to exploit earlier versions of CrushFTP, which may have been susceptible since July 1, 2025.
- Organizations are advised to review user activity logs, restrict IP access, enable automatic updates, and take other mitigation measures to prevent compromise.
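
A triage check for the affected-version key point, as an added example that is not from the original article or from CrushFTP: it flags inventory entries below the fixed releases 10.8.5 and 11.3.4_23. The per-branch mapping, the `major.minor.patch_build` parsing, treating a missing build suffix as 0, and the sample hostnames are assumptions of this example.

```python
import re

# Fixed releases named on the page. Mapping each one to its major branch
# (10.x -> 10.8.5, 11.x -> 11.3.4_23) is an assumption of this example.
FIXED = {10: "10.8.5", 11: "11.3.4_23"}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch, build); a missing _build counts as 0 (assumption)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def triage(version_text):
    """Classify one reported version as 'vulnerable', 'fixed' or 'review'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review"  # unparseable string: needs a manual check
    fixed_text = FIXED.get(version[0])
    if fixed_text is None:
        return "review"  # major branch the page says nothing about
    return "vulnerable" if version < parse_version(fixed_text) else "fixed"


def triage_inventory(inventory):
    """Map host -> status for a {host: version} inventory."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ftp-a.example.internal": "10.8.4",
    "ftp-b.example.internal": "10.8.5",
    "ftp-c.example.internal": "11.3.4_22",
    "ftp-d.example.internal": "11.3.4_23",
    "ftp-e.example.internal": "11.3.4",
    "ftp-f.example.internal": "9.4.0",
    "ftp-g.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:26} {SAMPLE_INVENTORY[host]:10} {status}")
```

Hosts reported as `review` fall outside what the page states and need a manual check rather than being assumed safe.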
Read More: https://thehackernews.com/2025/07/hackers-exploit-critical-crushftp-flaw.html