CVE-2025-54309
Published Jul 18, 2025
Last updated 4 months ago
- Description
- CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- crushftp
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- CrushFTP Unprotected Alternate Channel Vulnerability
- Exploit added on
- Jul 22, 2025
- Exploit action due
- Aug 12, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cve@mitre.org
- CWE-420
- Hype score
- Not currently trending
🚨 Active exploitation detected 📦 Product: CrushFTP 🆔 Vuln: CVE-2025-54309 A vulnerability in AS2 validation allows remote attackers to gain administrative access via HTTPS. ⚠️ Mitigation: Apply security patches immediately. 📈 Score: 9 🔗 Source in the first
@XavSecOps
18 Jan 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
New CrushFTP Critical Vulnerability Exploited in the Wild CVE-2025-54309 could allow remote attackers to obtain admin access via HTTPS Read More https://t.co/aIqsyttJUC
@SecurityAid
7 Oct 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries ... https://t.co/jp17hAZjRr
@SecurityAid
5 Oct 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New Sigma release r2025-10-01 is available for download. 🌟43 New Rules 🛡️34 Rule updates 🔬27 Rule Fixes Explore the full release -> https://t.co/E2jfs2YiXu This release introduces a bunch of new rules and updates - A bunch of CVE detections including CVE-2025-54
@nas_bench
1 Oct 2025
3544 Impressions
10 Retweets
32 Likes
9 Bookmarks
2 Replies
0 Quotes
🚨 A Critical Vulnerability exists in CrushFTP (CVE-2025-54309). Please see the @ncsc_gov_ie advisory for more details: https://t.co/0G7Sl5V69l
@ncsc_gov_ie
16 Sept 2025
220 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CrushFTP vulnerability CVE-2025-54309: new PoC exploit published https://t.co/awvRBQMKnZ An article explaining the serious authentication bypass vulnerability discovered in CrushFTP, whose cause is a race condition in the AS2 validation processing
@iototsecnews
8 Sept 2025
127 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers are exploiting a CrushFTP Zero-Day (CVE-2025-54309) to gain admin access and take over servers. Update to v10.8.5 or v11.3.4 now! https://t.co/N0Wr0NNYKp #CyberSecurity #CrushFTP #Vulnerability #0day
@pro_recover_y
3 Sept 2025
11 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new zero-day in CrushFTP (CVE-2025-54309) has been actively exploited during July. At least 30,000 instances are exposed, and an exploit was put up for sale the same day the vulnerability landed on CISA's KEV list. Read more in the post: https://t.co/zJZtqs9GmY
@kryptera
2 Sept 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new zero-day in CrushFTP (CVE-2025-54309) has been actively exploited during July. At least 30,000 instances are exposed, and an exploit was put up for sale the same day the vulnerability landed on CISA's KEV list. Read more in the post: https://t.co/ruysQIjArh
@jonasl
2 Sept 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ UPDATE: ReliaQuest confirms attackers used CVE-2025-54309 to hijack the “crushadmin” account as a backdoor. 55k+ devices still expose CrushFTP online. Logs showing “failed” attempts ≠ safe. Details → https://t.co/nsrt8qZGQd
@TheHackersNews
2 Sept 2025
11828 Impressions
20 Retweets
62 Likes
7 Bookmarks
0 Replies
1 Quote
🚨 Hackers are exploiting a CrushFTP Zero-Day (CVE-2025-54309) to gain admin access and take over servers. Update to v10.8.5 or v11.3.4 now! Read: https://t.co/j8Dpzssu90… #CyberSecurity #CrushFTP #Vulnerability #0day https://t.co/rCZORRBi9C
@pro_recover_y
1 Sept 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-54309: CrushFTP Gets Crushed Again with Critical Authentication Bypass Vulnerability (🧵Thread) At Crowdsec, we are continuously delighted by the quality (and humor) of WatchTowr Labs' vulnerability reports. This week is no exception, and the hot topic is the re
@Crowd_Security
1 Sept 2025
310 Impressions
0 Retweets
2 Likes
0 Bookmarks
2 Replies
0 Quotes
#PoC #Exploit #Released #for #CrushFTP #0-#day #Vulnerability (CVE-2025-54309) https://t.co/Q5qSfhtLbq
@thezigzag3
30 Aug 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers exploit CrushFTP zero-day (CVE-2025-54309) to seize server control. WatchTowr Labs reveals critical admin access vulnerability. https://t.co/znp52u0qk2
@not2cleverdotme
30 Aug 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This is one of the best posts this year: "The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309)" - Entertaining, memes are on point, technical details are fantastic, and there is some direct and indirect "eye poking" going on. Love it! https://t.co/ZukaGAGCOu
@securityweekly
29 Aug 2025
705 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
#exploit 1⃣ CVE-2025-54309: CrushFTP race condition vulnerability - https://t.co/pHgnXcUEnV 2⃣ CVE-2025-34030: sar2html 'plot' parameter RCE - https://t.co/vuvXIAdsFZ 3⃣ CVE-2025-8355/CVE-2025-8356: XXE Injection/Path Traversal in Xerox FreeFlow Core - https://t.co/J4B
@ksg93rd
29 Aug 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-53770 CVE-2025-43300 CVE-2025-5777 CVE-2024-21887 CVE-2023-46604 (@ThreatBookLabs) CVE-2025-7776 CVE-2025-54309 CVE-2025-7775 CVE-2025-53771 https://t.co/q4Rx5wWFSt
@ptdbugs
29 Aug 2025
286 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Flaw CVE-2025-54309 in CrushFTP servers enables attackers to gain admin access by disabling features. Researchers used a sensor network to catch hackers exploiting this flaw in real time, confirming a race condition with 2 HTTP requests creating a rogue admin account. Thousands #
@bigmacd16684
28 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-54309 (CVSS: 9): Hackers are exploiting a critical CrushFTP auth bypass vuln, gaining FULL admin access via HTTPS. Attackers can steal sensitive files, plant malicious ones, and wreak havoc. 🔥PoC: https://t.co/43dkQH0uDE Search by vul.cve https://t.co/nEgUWL
@zoomeye_team
28 Aug 2025
3686 Impressions
34 Retweets
69 Likes
35 Bookmarks
1 Reply
1 Quote
CVE-2025-54309: Exploit Code Emerges for CrushFTP 0-Day https://t.co/gx2fBEEvIF
@CyberSecuriUS
28 Aug 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309) - watchTowr Labs https://t.co/5FgDzqYqaA https://t.co/lLOivQ5uFG
@secharvesterx
27 Aug 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"Teach a hacker to find vulnerabilities, and they might find a couple. Teach a hacker to steal warez from another idiot, and they will feast for eternity" Enjoy our analysis of CrushFTP's CVE-2025-54309, fueled by watchTowr's Attacker Eye https://t.co/G2lHM4ASpd
@watchtowrcyber
27 Aug 2025
8214 Impressions
35 Retweets
107 Likes
29 Bookmarks
4 Replies
1 Quote
#VulnerabilityReport #CrushFTP CVE-2025-54309: CrushFTP Targeted in Active Exploits Due to Unpatched Zero-Day Vulnerability https://t.co/HK0iNfAoJK
@Komodosec
25 Aug 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309 CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, it mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.
@ZeroDayFacts
23 Aug 2025
31 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-54309 - CrushFTP Zero-day vulnerability exploited in the wild https://t.co/U65tD65xDb https://t.co/3aPvKuCNfV
@mayurk21
9 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309 - CrushFTP Zero-day vulnerability exploited in the wild https://t.co/KIaTEVyuIm https://t.co/UnDzmg0WzX
@CloudVirtues
8 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309 - CrushFTP Zero-day vulnerability exploited in the wild https://t.co/vDiagrjoRP https://t.co/pvOGWGLuAH
@scandaletti
7 Aug 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recently, a vulnerability with the identifier CVE-2025-54309 has been published for the well-known CrushFTP service, which is a type of FTP service. This vulnerability is of the authentication bypass and RCE type and
@AmirHossein_sec
3 Aug 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-54309: #CrushFTP Authentication Bypass Unauthenticated attackers can exploit this flaw to gain admin access on affected CrushFTP devices via HTTPS. This vulnerability is already in @CISAgov's Known Exploited Vulnerabilities catalog, signaling active threat activity
@Horizon3ai
1 Aug 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar — https://t.co/Cd6L8ACyLV: CVE-2025-53770 — Sharepoint Server 📈⬆️ CVE-2025-32433 (@lambdafu) CVE-2025-25257 (@0x_shaq) CVE-2025-49113 (@k_firsov) CVE-2025-6558 (@_clem1) CVE-2025-30406 CVE-2025-54309 CVE-2025-23266 (@nirohfeld @shirtamari) CVE
@ptdbugs
1 Aug 2025
160 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Zero-day in CrushFTP (CVE-2025-54309): the technical details as well as exploit code have been made public. As a reminder, this vulnerability allows an unauthenticated attacker to execute arbitrary code remotely. https://t.co/CTCxyOEprW
@cert_ist
31 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
😱 #CRUSHFTP IS GETTING CRUSHED! Hackers are crashing the party, and your file server might be on the guest list. CVE-2025-54309 is live, dangerous, and being actively exploited right now. https://t.co/xvhf1jSBk9 #MFT #EDI #DMZproxy #CyberSecurity #MSP h
@GuardzCyber
31 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Major breaches this week: • ToolShell (CVE-2025-53770) • CrushFTP (CVE-2025-54309) • CitrixBleed 2 (CVE-2025-5777) • McHire bot leak • Salt Typhoon • NoName057(16) • PoisonSeed • Wing FTP (CVE-2025-47812) Read more: https://t.co/na3lHAlIC0 #CyberSecurity #DataBrea
@FireCompass
31 Jul 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New Critical CrushFTP CVE-2025-54309 RCE Explained + PoC https://t.co/7XS1Z7W52S https://t.co/uj6fhQFj2q
@secharvesterx
31 Jul 2025
119 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New CRITICAL RCE in CrushFTP (CVE-2025-54309)! PoC released, no patch yet. Enterprise file transfers at risk — monitor for updates, restrict access, and audit logs now. Details: https://t.co/rL9tLdHS6d #OffS... https://t.co/rf6cRKgtHN
@offseq
31 Jul 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day (CVSS: 9.0) https://t.co/hNq3YXXVS3
@keith55
30 Jul 2025
161 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New Critical CrushFTP CVE-2025-54309 RCE Explained + PoC https://t.co/4beWoJssFx
@_r_netsec
30 Jul 2025
1397 Impressions
7 Retweets
15 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild https://t.co/c6cqfPud1B https://t.co/aA0QIo22gt
@PintoriAlice
30 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔍 CrushFTP vulnerable (CVE-2025-54309): hackers are actively exploiting a flaw via HTTPS on unpatched servers. CISA urges applying the patches to protect your data. Act fast! #CyberSecurite #CrushFTP https://t.co/fnSYSayiTk
@inidreamtheater
27 Jul 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ A critical flaw in CrushFTP (CVE-2025-54309) is being actively exploited. Hackers are accessing unpatched servers via HTTPS. CISA alert: apply the patches immediately to protect your data! https://t.co/fnSYSayiTk
@inidreamtheater
27 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CrushFTP, AS2 Validation Bypass, #CVE-2025-54309 (Critical) https://t.co/Z3t28apHYA
@dailycve
27 Jul 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ICYMI — Hackers are actively exploiting a critical CrushFTP flaw (CVE-2025-54309) to gain admin access on unpatched servers via HTTPS. 🛡️ CISA has added it to the KEV list. Patch now before data walks out the door. Details → https://t.co/nsrt8qZGQd
@TheHackersNews
26 Jul 2025
11565 Impressions
18 Retweets
66 Likes
6 Bookmarks
0 Replies
0 Quotes
🧵 URGENT THREAD: 🚨 CrushFTP Zero-Day (CVE-2025-54309) Actively Exploited! 🛡️ Act NOW! 🚨 RED ALERT: CrushFTP zero-day (CVE-2025-54309) under attack! 😱 1,000+ unpatched servers risk remote takeover, no creds needed. CVSS ~9.0 = CRITICAL! Patch NOW or Perish!⚠️
@justproton
26 Jul 2025
1145 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
1 Quote
🚨 CVE-2025-54309 (CVSS 9.8): Critical CrushFTP #CVE202554309 Unauth RCE → Admin access via HTTPS when DMZ proxy is off. ⚠️CrushFTP10 <10.8.5 & 11 <11.3.4_23 affected. ❗Exploitation confirmed 🔎 55K+ interfaces exposed 🛡️ Patch now 🔗 https://t.co/
@censysio
26 Jul 2025
6724 Impressions
28 Retweets
106 Likes
45 Bookmarks
3 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild https://t.co/bDS5CY3JBf https://t.co/skbAckytcE
@IT_Peurico
25 Jul 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In our latest #vulnerability review, we analyze critical vulnerabilities in Microsoft #SharePoint and #CrushFTP, including CVE-2025-53770, CVE-2025-49704, and CVE-2025-54309, which expose systems to unauthorized access and RCE. More below: https://t.co/lfZGnEHUGw
@NetizenCorp
25 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild https://t.co/TF2rPpOpcU https://t.co/TsDlAtoyHO
@pcasano
24 Jul 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA adds critical vulnerabilities in CrushFTP (CVE-2025-54309), Chrome (CVE-2025-6558), and SysAid to its KEV list. Active exploits pose serious risks. Immediate patching is essential. #CrushFTP #CyberAlert #US https://t.co/cixhQxC3nW
@TweetThreatNews
24 Jul 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
An FTP vuln brings all the attackers to the yard, and they're like "you haven't patched yours!" [they're right, we haven't patched ours] They'll teach us, but they're gonna charge. CVE-2025-54309 CrushFTP warns of zero-day exploit seen in the wild https://t.co/vQg6vt9192 http
@cyber_megan
24 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical RCE flaw found in #CrushFTP (CVE-2025-54309) No auth needed. Attackers can fully take over vulnerable servers. 🛠️ Affected: < v10.8.5 / 11.3.4_23 💥 Exploitation active 📉 1000+ servers still exposed 🔄 Patch now: https://t.co/YSZMKGADud #CyberSecur
@NeoCyberXPro
24 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A4950EA3-D20F-48B4-BE81-8018EFB452D8",
            "versionEndExcluding": "10.8.5",
            "versionStartIncluding": "10.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BDC2BCC0-AEA5-4A35-BCAD-6287574D4ED5",
            "versionEndExcluding": "11.3.4_23",
            "versionStartIncluding": "11.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]