AI description
CVE-2025-54309 is a vulnerability in CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23. It stems from improper validation of the AS2 (Applicability Statement 2) protocol over HTTPS when the DMZ proxy feature is not in use. Because the server does not correctly validate remote requests made to its AS2 endpoints, an unauthenticated remote attacker can forge requests that the system treats as coming from a trusted source, bypassing authentication checks and gaining administrative access. By sending malicious AS2 payloads over HTTPS to the exposed CrushFTP endpoint, an attacker can issue administrative commands and potentially escalate privileges to execute arbitrary commands.
- Description
- CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- crushftp
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- CrushFTP Unprotected Alternate Channel Vulnerability
- Exploit added on
- Jul 22, 2025
- Exploit action due
- Aug 12, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cve@mitre.org
- CWE-420
- Hype score
- Not currently trending
🚨 A Critical Vulnerability exists in CrushFTP (CVE-2025-54309). Please see the @ncsc_gov_ie advisory for more details: https://t.co/0G7Sl5V69l
@ncsc_gov_ie
16 Sept 2025
220 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CrushFTP vulnerability CVE-2025-54309: new PoC exploit published https://t.co/awvRBQMKnZ An article explaining the serious authentication bypass vulnerability discovered in CrushFTP, whose cause is a race condition in the AS2 validation processing
@iototsecnews
8 Sept 2025
127 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers are exploiting a CrushFTP Zero-Day (CVE-2025-54309) to gain admin access and take over servers. Update to v10.8.5 or v11.3.4 now! https://t.co/N0Wr0NNYKp #CyberSecurity #CrushFTP #Vulnerability #0day
@pro_recover_y
3 Sept 2025
11 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new zero-day in CrushFTP (CVE-2025-54309) has been actively exploited during July. At least 30,000 instances are exposed, and an exploit was put up for sale the same day the vulnerability landed on CISA's KEV list. Read more in the post: https://t.co/zJZtqs9GmY
@kryptera
2 Sept 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new zero-day in CrushFTP (CVE-2025-54309) has been actively exploited during July. At least 30,000 instances are exposed, and an exploit was put up for sale the same day the vulnerability landed on CISA's KEV list. Read more in the post: https://t.co/ruysQIjArh
@jonasl
2 Sept 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ UPDATE: ReliaQuest confirms attackers used CVE-2025-54309 to hijack the “crushadmin” account as a backdoor. 55k+ devices still expose CrushFTP online. Logs showing “failed” attempts ≠ safe. Details → https://t.co/nsrt8qZGQd
@TheHackersNews
2 Sept 2025
11828 Impressions
20 Retweets
62 Likes
7 Bookmarks
0 Replies
1 Quote
🚨 Hackers are exploiting a CrushFTP Zero-Day (CVE-2025-54309) to gain admin access and take over servers. Update to v10.8.5 or v11.3.4 now! Read: https://t.co/j8Dpzssu90… #CyberSecurity #CrushFTP #Vulnerability #0day https://t.co/rCZORRBi9C
@pro_recover_y
1 Sept 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-54309: CrushFTP Gets Crushed Again with Critical Authentication Bypass Vulnerability (🧵Thread) At Crowdsec, we are continuously delighted by the quality (and humor) of WatchTowr Labs' vulnerability reports. This week is no exception, and the hot topic is the re
@Crowd_Security
1 Sept 2025
310 Impressions
0 Retweets
2 Likes
0 Bookmarks
2 Replies
0 Quotes
#PoC #Exploit #Released #for #CrushFTP #0-#day #Vulnerability (CVE-2025-54309) https://t.co/Q5qSfhtLbq
@thezigzag3
30 Aug 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers exploit CrushFTP zero-day (CVE-2025-54309) to seize server control. WatchTowr Labs reveals critical admin access vulnerability. https://t.co/znp52u0qk2
@not2cleverdotme
30 Aug 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This is one of the best posts this year: "The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309)" - Entertaining, memes are on point, technical details are fantastic, and there is some direct and indirect "eye poking" going on. Love it! https://t.co/ZukaGAGCOu
@securityweekly
29 Aug 2025
705 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
#exploit 1⃣ CVE-2025-54309: CrushFTP race condition vulnerability - https://t.co/pHgnXcUEnV 2⃣ CVE-2025-34030: sar2html 'plot' parameter RCE - https://t.co/vuvXIAdsFZ 3⃣ CVE-2025-8355/CVE-2025-8356: XXE Injection/Path Traversal in Xerox FreeFlow Core - https://t.co/J4B
@ksg93rd
29 Aug 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-53770 CVE-2025-43300 CVE-2025-5777 CVE-2024-21887 CVE-2023-46604 (@ThreatBookLabs) CVE-2025-7776 CVE-2025-54309 CVE-2025-7775 CVE-2025-53771 https://t.co/q4Rx5wWFSt
@ptdbugs
29 Aug 2025
286 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Flaw CVE-2025-54309 in CrushFTP servers enables attackers to gain admin access by disabling features. Researchers used a sensor network to catch hackers exploiting this flaw in real time, confirming a race condition with 2 HTTP requests creating a rogue admin account. Thousands #
@bigmacd16684
28 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-54309 (CVSS: 9): Hackers are exploiting a critical CrushFTP auth bypass vuln, gaining FULL admin access via HTTPS. Attackers can steal sensitive files, plant malicious ones, and wreak havoc. 🔥PoC: https://t.co/43dkQH0uDE Search by vul.cve https://t.co/nEgUWL
@zoomeye_team
28 Aug 2025
3686 Impressions
34 Retweets
69 Likes
35 Bookmarks
1 Reply
1 Quote
CVE-2025-54309: Exploit Code Emerges for CrushFTP 0-Day https://t.co/gx2fBEEvIF
@CyberSecuriUS
28 Aug 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309) - watchTowr Labs https://t.co/5FgDzqYqaA https://t.co/lLOivQ5uFG
@secharvesterx
27 Aug 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"Teach a hacker to find vulnerabilities, and they might find a couple. Teach a hacker to steal warez from another idiot, and they will feast for eternity" Enjoy our analysis of CrushFTP's CVE-2025-54309, fueled by watchTowr's Attacker Eye https://t.co/G2lHM4ASpd
@watchtowrcyber
27 Aug 2025
8214 Impressions
35 Retweets
107 Likes
29 Bookmarks
4 Replies
1 Quote
#VulnerabilityReport #CrushFTP CVE-2025-54309: CrushFTP Targeted in Active Exploits Due to Unpatched Zero-Day Vulnerability https://t.co/HK0iNfAoJK
@Komodosec
25 Aug 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309 CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, it mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.
@ZeroDayFacts
23 Aug 2025
31 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-54309 - CrushFTP Zero-day vulnerability exploited in the wild https://t.co/U65tD65xDb https://t.co/3aPvKuCNfV
@mayurk21
9 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309 - CrushFTP Zero-day vulnerability exploited in the wild https://t.co/KIaTEVyuIm https://t.co/UnDzmg0WzX
@CloudVirtues
8 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309 - CrushFTP Zero-day vulnerability exploited in the wild https://t.co/vDiagrjoRP https://t.co/pvOGWGLuAH
@scandaletti
7 Aug 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A vulnerability with identifier CVE-2025-54309 has recently been published for the well-known CrushFTP service, which is a type of FTP service. This vulnerability is of the authentication bypass and RCE type, and
@AmirHossein_sec
3 Aug 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-54309: #CrushFTP Authentication Bypass Unauthenticated attackers can exploit this flaw to gain admin access on affected CrushFTP devices via HTTPS. This vulnerability is already in @CISAgov's Known Exploited Vulnerabilities catalog, signaling active threat activity
@Horizon3ai
1 Aug 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar — https://t.co/Cd6L8ACyLV: CVE-2025-53770 — Sharepoint Server 📈⬆️ CVE-2025-32433 (@lambdafu) CVE-2025-25257 (@0x_shaq) CVE-2025-49113 (@k_firsov) CVE-2025-6558 (@_clem1) CVE-2025-30406 CVE-2025-54309 CVE-2025-23266 (@nirohfeld @shirtamari) CVE
@ptdbugs
1 Aug 2025
160 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Zero-day in CrushFTP (CVE-2025-54309): the technical details as well as exploit code have been made public. As a reminder, this vulnerability allows an unauthenticated attacker to execute arbitrary code remotely. https://t.co/CTCxyOEprW
@cert_ist
31 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
😱 #CRUSHFTP IS GETTING CRUSHED! Hackers are crashing the party, and your file server might be on the guest list. CVE-2025-54309 is live, dangerous, and being actively exploited right now. https://t.co/xvhf1jSBk9 #MFT #EDI #DMZproxy #CyberSecurity #MSP h
@GuardzCyber
31 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Major breaches this week: • ToolShell (CVE-2025-53770) • CrushFTP (CVE-2025-54309) • CitrixBleed 2 (CVE-2025-5777) • McHire bot leak • Salt Typhoon • NoName057(16) • PoisonSeed • Wing FTP (CVE-2025-47812) Read more: https://t.co/na3lHAlIC0 #CyberSecurity #DataBrea
@FireCompass
31 Jul 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New Critical CrushFTP CVE-2025-54309 RCE Explained + PoC https://t.co/7XS1Z7W52S https://t.co/uj6fhQFj2q
@secharvesterx
31 Jul 2025
119 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New CRITICAL RCE in CrushFTP (CVE-2025-54309)! PoC released, no patch yet. Enterprise file transfers at risk — monitor for updates, restrict access, and audit logs now. Details: https://t.co/rL9tLdHS6d #OffS... https://t.co/rf6cRKgtHN
@offseq
31 Jul 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day (CVSS: 9.0) https://t.co/hNq3YXXVS3
@keith55
30 Jul 2025
161 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New Critical CrushFTP CVE-2025-54309 RCE Explained + PoC https://t.co/4beWoJssFx
@_r_netsec
30 Jul 2025
1397 Impressions
7 Retweets
15 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild https://t.co/c6cqfPud1B https://t.co/aA0QIo22gt
@PintoriAlice
30 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔍 CrushFTP vulnerable (CVE-2025-54309): hackers are actively exploiting a flaw via HTTPS on unpatched servers. CISA urges patching to protect your data. Act fast! #CyberSecurite #CrushFTP https://t.co/fnSYSayiTk
@inidreamtheater
27 Jul 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ A critical flaw in CrushFTP (CVE-2025-54309) is being actively exploited. Hackers are accessing unpatched servers via HTTPS. CISA warns: apply the patches immediately to protect your data! https://t.co/fnSYSayiTk
@inidreamtheater
27 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CrushFTP, AS2 Validation Bypass, #CVE-2025-54309 (Critical) https://t.co/Z3t28apHYA
@dailycve
27 Jul 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ICYMI — Hackers are actively exploiting a critical CrushFTP flaw (CVE-2025-54309) to gain admin access on unpatched servers via HTTPS. 🛡️ CISA has added it to the KEV list. Patch now before data walks out the door. Details → https://t.co/nsrt8qZGQd
@TheHackersNews
26 Jul 2025
11565 Impressions
18 Retweets
66 Likes
6 Bookmarks
0 Replies
0 Quotes
🧵 URGENT THREAD: 🚨 CrushFTP Zero-Day (CVE-2025-54309) Actively Exploited! 🛡️ Act NOW! 🚨 RED ALERT: CrushFTP zero-day (CVE-2025-54309) under attack! 😱 1,000+ unpatched servers risk remote takeover, no creds needed. CVSS ~9.0 = CRITICAL! Patch NOW or Perish!⚠️
@justproton
26 Jul 2025
1145 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
1 Quote
🚨 CVE-2025-54309 (CVSS 9.8): Critical CrushFTP #CVE202554309 Unauth RCE → Admin access via HTTPS when DMZ proxy is off. ⚠️CrushFTP10 <10.8.5 & 11 <11.3.4_23 affected. ❗Exploitation confirmed 🔎 55K+ interfaces exposed 🛡️ Patch now 🔗 https://t.co/
@censysio
26 Jul 2025
6724 Impressions
28 Retweets
106 Likes
45 Bookmarks
3 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild https://t.co/bDS5CY3JBf https://t.co/skbAckytcE
@IT_Peurico
25 Jul 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In our latest #vulnerability review, we analyze critical vulnerabilities in Microsoft #SharePoint and #CrushFTP, including CVE-2025-53770, CVE-2025-49704, and CVE-2025-54309, which expose systems to unauthorized access and RCE. More below: https://t.co/lfZGnEHUGw
@NetizenCorp
25 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild https://t.co/TF2rPpOpcU https://t.co/TsDlAtoyHO
@pcasano
24 Jul 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA adds critical vulnerabilities in CrushFTP (CVE-2025-54309), Chrome (CVE-2025-6558), and SysAid to its KEV list. Active exploits pose serious risks. Immediate patching is essential. #CrushFTP #CyberAlert #US https://t.co/cixhQxC3nW
@TweetThreatNews
24 Jul 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
An FTP vuln brings all the attackers to the yard, and they're like "you haven't patched yours!" [they're right, we haven't patched ours] They'll teach us, but they're gonna charge. CVE-2025-54309 CrushFTP warns of zero-day exploit seen in the wild https://t.co/vQg6vt9192 http
@cyber_megan
24 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical RCE flaw found in #CrushFTP (CVE-2025-54309) No auth needed. Attackers can fully take over vulnerable servers. 🛠️ Affected: < v10.8.5 / 11.3.4_23 💥 Exploitation active 📉 1000+ servers still exposed 🔄 Patch now: https://t.co/YSZMKGADud #CyberSecur
@NeoCyberXPro
24 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Alleged Sale of CrushFTP Zero-Day Vulnerability 🚨 A threat actor using the alias “litxyz” claims to be selling a zero-day vulnerability identified as CVE-2025-54309 targeting CrushFTP, a widely used secure file transfer server. According to the actor, the vulnerabili
@MonThreat
23 Jul 2025
624 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
[Security News] Vulnerability in older versions of "CrushFTP" - attackers may have analyzed the latest version to exploit it: Security NEXT https://t.co/XP7pXY7zzt It also appears in the CISA exploited vulnerabilities list published today. >CVE-2025-54309
@Syynya
23 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-54309 #CrushFTP Unprotected Alternate Channel Vulnerability https://t.co/Hwr4cCkVz5
@ScyScan
22 Jul 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Over 1,000 CrushFTP servers exposed to ongoing hijack attacks Over 1,000 CrushFTP servers are vulnerable to CVE-2025-54309, a critical flaw in AS2 validation that allows admin access hijacking via the web interface. The bug affects versions below 10.8.5 and 11.3.4_23 and is http
@dCypherIO
22 Jul 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4950EA3-D20F-48B4-BE81-8018EFB452D8",
"versionEndExcluding": "10.8.5",
"versionStartIncluding": "10.0.0"
},
{
"criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDC2BCC0-AEA5-4A35-BCAD-6287574D4ED5",
"versionEndExcluding": "11.3.4_23",
"versionStartIncluding": "11.0.0"
}
],
"operator": "OR"
}
]
}
]
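To turn the NVD applicability statement above into an asset-inventory check, here is an added example (not the NVD record's or CrushFTP's own tooling) that parses the cpeMatch ranges and flags builds that fall inside them. The version grammar major.minor.patch[_build] is an assumption based on the versions quoted on this page (10.8.5, 11.3.4_23), and the sample versions are constructed.

```python
"""Check whether a CrushFTP build falls inside the NVD cpeMatch ranges for
CVE-2025-54309.  Added example, not NVD's or the vendor's tooling; the version
grammar major.minor.patch[_build] is an assumption based on 10.8.5 / 11.3.4_23."""
import json
import re

# The NVD configuration from the page, embedded so the check runs offline.
NVD_CONFIG = json.loads("""[{"nodes":[{"negate":false,"operator":"OR","cpeMatch":[
 {"criteria":"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*","vulnerable":true,
  "versionStartIncluding":"10.0.0","versionEndExcluding":"10.8.5"},
 {"criteria":"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*","vulnerable":true,
  "versionStartIncluding":"11.0.0","versionEndExcluding":"11.3.4_23"}]}]}]""")

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")

def parse_version(text):
    """'11.3.4_23' -> (11, 3, 4, 23).  A missing _build counts as build 0 so
    that 11.3.4 sorts before 11.3.4_1 (assumption: builds are numeric suffixes)."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised CrushFTP version: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def in_range(version, match):
    """Evaluate one cpeMatch entry: inclusive start bound, exclusive end bound."""
    v = parse_version(version)
    start = match.get("versionStartIncluding")
    end = match.get("versionEndExcluding")
    if start and v < parse_version(start):
        return False
    if end and v >= parse_version(end):
        return False
    return True

def is_affected(version, config=NVD_CONFIG):
    """True if any vulnerable cpeMatch in the configuration covers the version.
    Only the plain OR nodes present in this record are handled."""
    for cfg in config:
        for node in cfg["nodes"]:
            if node.get("operator") != "OR" or node.get("negate"):
                raise NotImplementedError("only non-negated OR nodes are supported")
            if any(m["vulnerable"] and in_range(version, m) for m in node["cpeMatch"]):
                return True
    return False

if __name__ == "__main__":
    # Constructed sample versions, not a real inventory.
    for ver in ["10.8.4", "10.8.5", "11.3.4_22", "11.3.4_23", "11.3.5", "9.9.9"]:
        print(f"{ver:10} {'AFFECTED' if is_affected(ver) else 'ok'}")
```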