Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0.
“CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS,” according to
