AI description
CVE-2025-54309 is a vulnerability in CrushFTP versions before 10.8.5 and 11.3.4_23. It stems from improper validation of the AS2 (Applicability Statement 2) protocol over HTTPS when the DMZ proxy feature is not in use. This mishandling allows unauthenticated remote attackers to gain administrative access to the system. Specifically, the server fails to correctly validate remote requests made to AS2 endpoints, which allows attackers to forge requests that the system interprets as coming from a trusted source, bypassing authentication checks. By sending malicious AS2 payloads over HTTPS to the exposed CrushFTP endpoint, an attacker can send administrative commands and potentially escalate privileges to execute arbitrary commands.
- Description
- CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- CrushFTP Unprotected Alternate Channel Vulnerability
- Exploit added on
- Jul 22, 2025
- Exploit action due
- Aug 12, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cve@mitre.org
- CWE-420
- Hype score
- Not currently trending
[Security News] Vulnerability in older versions of "CrushFTP" - attackers may have analyzed the latest version to exploit it: Security NEXT https://t.co/XP7pXY7zzt It also appears on CISA's list of exploited vulnerabilities published today. >CVE-2025-54309
@Syynya
23 Jul 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-54309 #CrushFTP Unprotected Alternate Channel Vulnerability https://t.co/Hwr4cCkVz5
@ScyScan
22 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Over 1,000 CrushFTP servers exposed to ongoing hijack attacks Over 1,000 CrushFTP servers are vulnerable to CVE-2025-54309, a critical flaw in AS2 validation that allows admin access hijacking via the web interface. The bug affects versions below 10.8.5 and 11.3.4_23 and is http
@dCypherIO
22 Jul 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical CrushFTP Flaw (CVE-2025-54309) Exploited-Check If You’re at Risk https://t.co/5kUQnydD4t #As2Exploit #cve-2025-54309
@wizconsults
22 Jul 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Over 1,000 CrushFTP instances are vulnerable due to CVE-2025-54309, allowing hacker access. Servers must be updated and monitored to prevent exploitation, especially amid ongoing ransomware threats. #Security https://t.co/tHbph3NBh9
@Strivehawk
21 Jul 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild https://t.co/WHseQ69yMC https://t.co/LIeVWE4QA5
@secured_cyber
21 Jul 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerability in CrushFTP ❗CVE-2025-54309 ➡️More info: https://t.co/ql6V3rqcFV https://t.co/XBJh8GpzwD
@CERTpy
21 Jul 2025
129 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild https://t.co/HVcKFBc0gT https://t.co/8MNRZuWp8Q
@ggrubamn
21 Jul 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️#CrushFTP: active exploitation of CVE-2025-54309 detected in the wild Risk: 🔴 Type: 🔸 Privilege Escalation 🔗 https://t.co/lVarPyf0vs 🔄 Updates available 🔄 https://t.co/i1djlslwui
@Vulcanux_
21 Jul 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CrushFTP servers below versions 10.8.5 and 11.3.4_23 are vulnerable to CVE-2025-54309, a zero-day actively exploited via HTTP/HTTPS. Look for unusual XML edits and admin accounts. Restore backups or delete affected profiles. #DataSecurity #UK https://t.co/jwHfrGTqIx
@TweetThreatNews
21 Jul 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
0-day in CrushFTP CVE-2025-54309 https://t.co/amdms9Wapn https://t.co/lnyq18AKBR
@elhackernet
21 Jul 2025
1912 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Alert! We are scanning for unpatched CrushFTP instances vulnerable to CVE-2025-54309. This vulnerability is exploited in the wild - https://t.co/ztwdvKG9j8 We see 1040 instances unpatched on 20th July. Top countries affected: US, Germany, Canada https://t.co/ZEsKsromE7 https:/
@Shadowserver
21 Jul 2025
3255 Impressions
10 Retweets
22 Likes
6 Bookmarks
2 Replies
1 Quote
⚠️⚠️ CVE-2025-54309: Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers 🎯419k+ Results are found on the https://t.co/pb16tGXCUG nearly year. 🔗FOFA Link: https://t.co/NrTi9u5Ss6 FOFA Query:app="CrushFTP" 🔖Refer: https://t.co/FMrzpgJ7K
@fofabot
21 Jul 2025
1288 Impressions
6 Retweets
21 Likes
7 Bookmarks
0 Replies
0 Quotes
A zero-day in CrushFTP (CVE-2025-54309) allowed attackers to gain admin access via HTTP(S), impacting versions before July 2023 with a CVSS score of 9.0. Indicators include new admins and log changes. #CrushFTP #ZeroDay #CyberRisk https://t.co/J6O50Be13l
@TweetThreatNews
21 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 :CVE-2025-54309 : Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers 📊235K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/OpFcAmqq8e 👇Query HUNTER : https://t.co/q9rtuGfZuz="CrushFTP Server
@HunterMapping
21 Jul 2025
1467 Impressions
7 Retweets
25 Likes
5 Bookmarks
0 Replies
0 Quotes
📌 CrushFTP warns of active exploitation of zero-day vulnerability CVE-2025-54309, allowing attackers admin access via web interface. #CyberSecurity #ZeroDay https://t.co/BORksLaHyK https://t.co/5ii7aQIdTB
@CyberVenom01
20 Jul 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 CrushFTP warns of active exploitation of zero-day vulnerability CVE-2025-54309, allowing attackers admin access via web interface. #CyberSecurity #ZeroDay https://t.co/WVpy3FNLmT https://t.co/kU5G9mXDIH
@CyberHub_blog
20 Jul 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CrushFTP has reported active exploitation of a zero-day vulnerability (CVE-2025-54309) that allows attackers to gain admin access via the web interface on vulnerable servers. Detected on July 18, the flaw affects versions prior to CrushFTP v10.8. https://t.co/R0832lrD50
@securityRSS
20 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are actively exploiting the critical CVE-2025-54309 flaw in CrushFTP versions prior to 10.8.5 and 11.3.4_23 to gain admin access via HTTP(S). Affected systems in government, healthcare, and enterprise sectors are at increased risk. #CrushFTP #Cyb… https://t.co/XwJQmgysm
@TweetThreatNews
20 Jul 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309: CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025. https://t.co/5yteC4vxBj
@ZeroDayFacts
20 Jul 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers are actively exploiting a critical flaw in CrushFTP (CVE-2025-54309, CVSS 9.0) to gain admin access via HTTPS—no DMZ needed. They reverse engineered a patch and struck fast. The worst part? Many systems are still exposed. Details here → ... https://t.co/mmAWzP
@IT_news_for_all
20 Jul 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild https://t.co/kbbEVFeRUr https://t.co/l2P6aGpdO3
@Trej0Jass
20 Jul 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild https://t.co/LpLUFSvW91 https://t.co/az674Xi6a8
@Trej0Jass
20 Jul 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers are actively exploiting a critical flaw in CrushFTP (CVE-2025-54309, CVSS 9.0) to gain admin access via HTTPS—no DMZ needed. They reverse engineered a patch and struck fast. The worst part? Many systems are still exposed. Details here → https://t.co/nsrt8qZ90F
@TheHackersNews
20 Jul 2025
13039 Impressions
34 Retweets
50 Likes
9 Bookmarks
1 Reply
2 Quotes
CVE-2025-54309 # CrushFTP 0-Day Vulnerability: https://t.co/k8AC9IumBg
@Iambivash007
20 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Heads up! CrushFTP's got a critical zero-day vulnerability (CVE-2025-54309) that’s making waves in the file transfer world. Time to patch up before your files start a rebellion! #CyberSecurity #CrushFTP #ZeroDay https://t.co/ZvNDh1pczY
@windowsforum
19 Jul 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: new CrushFTP Zero-Day (CVE-2025-54309) under active exploitation Attackers are exploiting a fresh 0day in #CrushFTP enterprise file transfer servers to gain admin access via web interface. Exploitation began July 18th, targeting unpatched systems (< https://t.c
@ransomnews
19 Jul 2025
150 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. #cybersecurity https://t.co/WbrCM3v1YE
@cybertzar
19 Jul 2025
28 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New CrushFTP zero-day (CVE-2025-54309) being exploited to gain admin access on servers. Take immediate action to secure vulnerable systems. https://t.co/Ri5z0zvjaT
@not2cleverdotme
19 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 DEVELOPING: CrushFTP zero-day (CVE-2025-54309) under active exploitation - attackers gaining admin access via web interface. Enterprise file transfer servers being targeted. Exploitation detected starting July 18, 9AM CST. This is a developing story - ThreatCluster is ht
@threatcluster
19 Jul 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 new zero day affecting crushFTP instances (CVE-2025-54309) being exploited in the wild: ~291,903 exposed devices running crushFTP (as of 19.07.25) according to @shodanhq: `http.html:"crushftp"` Patch now: https://t.co/T3RTNGFOWu https://t.co/teSo3Si0F3
@rxerium
19 Jul 2025
127 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
0 Quotes
CrushFTP warns of active attacks exploiting zero-day CVE-2025-54309, allowing admin access via the web interface. https://t.co/49OpxYSJYp #CrushFTP #vulnerability #zeroday #0day #CyberAttack #CybersecurityNews #Cybersecurity #threatresq
@ThreatResq
19 Jul 2025
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CrushFTP has issued a warning about an active zero-day vulnerability (CVE-2025-54309) being exploited to hijack servers. Attackers can gain administrative access via the web interface on affected systems. Stay informed and protect your servers. Read more: https://t.co/65mx6FIOaM
@trubetech
19 Jul 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 CrushFTP warns that threat actors are exploiting a new zero-day vulnerability, identified as CVE-2025-54309, enabling them to gain administrative access via the web interface on servers exposed to
@Cybercachear
19 Jul 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical CrushFTP zero-day (CVE-2025-54309) allows attackers to gain admin access without credentials. Patch to v10.8.4 or v11.3.1 immediately—active exploitation confirmed. Technical breakdown: https://t.co/O16x92kOkE
@RedTeamNewsBlog
18 Jul 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 CrushFTP warns that hackers are exploiting a new vulnerability (CVE-2025-54309) that enables them to gain administrative access via the web interface on vulnerable servers. https://t.co/eEEKPVwaHx
@Cybercachear
18 Jul 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CrushFTP has an active 0-Day with a CVSS score of 9.0 CVE-2025-54309: CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited
@DarkWebInformer
18 Jul 2025
3615 Impressions
1 Retweet
12 Likes
4 Bookmarks
0 Replies
0 Quotes
CrushFTP alerts users to a critical zero-day vulnerability, CVE-2025-54309, that is being actively exploited by attackers to gain admin access through the web interface on vulnerable servers. Stay informed and protect your systems. Read more about it here: https://t.co/qFTrXrwU6k
@trubetech
18 Jul 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 CrushFTP has issued a warning that attackers are exploiting a zero-day vulnerability known as CVE-2025-54309, which allows them to gain administrative access via the web interface on vulnerable servers. https
@Cybercachear
18 Jul 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309 CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtai… https://t.co/602I3Ix2Kw
@CVEnew
18 Jul 2025
301 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes