Tag

Crushftp

All articles tagged with #crushftp

Critical Zero-Day Flaw Exposes CrushFTP Servers to Hijack Attacks
technology, 7 months ago

Over 1,000 CrushFTP servers are vulnerable to hijack attacks due to a critical security flaw (CVE-2025-54309) affecting versions below 10.8.5 and 11.3.4_23, with attackers exploiting the bug for potential data theft and unauthorized access. The vendor recommends updating and monitoring logs, as unpatched servers remain at risk, and ongoing attacks have been observed in the wild.

Hackers Exploit Critical CrushFTP Zero-Day to Compromise Servers
security, 7 months ago

A critical flaw in CrushFTP (CVE-2025-54309) is actively exploited, allowing remote attackers to gain admin access on unpatched servers, especially affecting sensitive environments. The vulnerability, present in versions before 10.8.5 and 11.3.4_23, involves mishandling AS2 validation and can be exploited via HTTP(S). Organizations are advised to review logs, restrict IPs, and update to mitigate risks, as multiple CVEs have targeted CrushFTP recently.