{ads}

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

Written By Sunday, 20 July 2025 Add Comment



July 20, 2025 at 01:05PM

A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS," according to

from The Hacker News https://ift.tt/j4nMeKu

0 Response to "Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads