Hackers Exploit Critical CrushFTP Zero-Day to Compromise Servers

TL;DR Summary
A critical flaw in CrushFTP (CVE-2025-54309) is actively exploited, allowing remote attackers to gain admin access on unpatched servers, especially affecting sensitive environments. The vulnerability, present in versions before 10.8.5 and 11.3.4_23, involves mishandling AS2 validation and can be exploited via HTTP(S). Organizations are advised to review logs, restrict IPs, and update to mitigate risks, as multiple CVEs have targeted CrushFTP recently.
- Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers (The Hacker News)
- Over 1,000 CrushFTP servers exposed to ongoing hijack attacks (BleepingComputer)
- Critical Zero-Day Exposes FTP Servers To Attack (Forbes)
- CrushFTP with 0-day vulnerability CVE-2025-54309 (Born's Tech and Windows World, BornCity)
- Hackers Target Zero-Day Vulnerability to Exploit CrushFTP (BankInfoSecurity)