CrushFTP zero-day exploited to gain admin access on servers
7 Articles
CrushFTP 0-Day Vulnerability Actively Exploited to Breach Servers
A critical zero-day vulnerability in CrushFTP servers is being actively exploited by threat actors to compromise systems worldwide. The vulnerability, designated CVE-2025-54309, was first observed in active exploitation on July 18th at 9:00 AM CST, though security researchers believe the attacks may have been ongoing for longer periods before detection.
Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers
A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS," according to
Do you use CrushFTP for file transfers? Then you should act quickly. An active zero-day vulnerability gives attackers full admin access via the web interface, the Federal Office for Information Security (BSI) had warned before.
New CrushFTP 0-Day Vulnerability Exploited in the Wild to Gain Access to Servers
A critical zero-day flaw in the CrushFTP managed file-transfer platform was confirmed after vendor and threat-intelligence sources confirmed active exploitation beginning on 18 July 2025 at 09:00 CST. Tracked as CVE-2025-54309, the bug allows unauthenticated attackers to obtain full administrative… The post New CrushFTP 0-Day Vulnerability Exploited in the Wild to Gain Access to Servers appeared first on IT Security News.
Coverage Details
Bias Distribution
- 100% of the sources are Center