CVE-2025-54309
CVSS Score
9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H): reachable over the network with no privileges and no user interaction, high attack complexity, changed scope, and high confidentiality, integrity and availability impact.
Description
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.
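A version triage helper, added here as an illustration; it is not code from CrushFTP or from any of the sources cited on this page. It encodes the affected ranges from the description above (10.x before 10.8.5, 11.x before 11.3.4_23) and treats the `_N` suffix as a build counter that sorts after the bare dotted version, so a plain 11.3.4 counts as older than 11.3.4_23. That ordering, the `dmz_proxy` flag, the bucket names and the sample inventory are assumptions made for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed releases taken from the advisory text: 10.x is fixed in 10.8.5,
# 11.x in 11.3.4_23. Keyed by major version.
FIXED_IN = {10: ((10, 8, 5), 0), 11: ((11, 3, 4), 23)}

# major[.minor[.patch]] with an optional _build suffix (e.g. "11.3.4_23").
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?$")


def parse_version(text: str) -> Optional[Tuple[Tuple[int, int, int], int]]:
    """Parse 'major[.minor[.patch]][_build]' into ((major, minor, patch), build).
    Missing parts default to 0. Returns None when the string is not a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, build = m.groups()
    return (int(major), int(minor or 0), int(patch or 0)), int(build or 0)


def is_unfixed(version: str) -> Optional[bool]:
    """True if the build predates the fixed release for its major branch,
    False if it is at or past the fix, None if unparseable or on a branch
    (neither 10 nor 11) that the advisory does not describe."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    triple, build = parsed
    fixed = FIXED_IN.get(triple[0])
    if fixed is None:
        return None
    # Assumption: "_N" is a build counter that sorts after the bare dotted
    # version, so 11.3.4 (build 0) is older than 11.3.4_23.
    return (triple, build) < fixed


def classify(version: str, dmz_proxy_in_use: bool) -> str:
    """Map a host's version and DMZ-proxy setting to a triage bucket:
    'exposed'  unfixed and no DMZ proxy: the condition the advisory describes
    'unfixed'  unfixed but behind the DMZ proxy: still patch, lower urgency
    'fixed'    at or beyond the fixed release
    'unknown'  version not parseable or outside the 10/11 branches"""
    unfixed = is_unfixed(version)
    if unfixed is None:
        return "unknown"
    if not unfixed:
        return "fixed"
    return "unfixed" if dmz_proxy_in_use else "exposed"


def triage(inventory: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Group hostnames by bucket, 'exposed' first so the hosts matching the
    exploited condition sit at the top of the output."""
    buckets: Dict[str, List[str]] = {"exposed": [], "unfixed": [], "fixed": [], "unknown": []}
    for host in inventory:
        bucket = classify(str(host["version"]), bool(host["dmz_proxy"]))
        buckets[bucket].append(str(host["name"]))
    return buckets


# Constructed sample inventory for the example (not real hosts).
SAMPLE_INVENTORY = [
    {"name": "mft-edge-01", "version": "11.3.4_22", "dmz_proxy": False},
    {"name": "mft-edge-02", "version": "11.3.4_23", "dmz_proxy": False},
    {"name": "mft-core-01", "version": "10.8.4", "dmz_proxy": True},
    {"name": "mft-core-02", "version": "10.8.5", "dmz_proxy": False},
    {"name": "mft-lab-01", "version": "11.3.4", "dmz_proxy": False},
    {"name": "mft-legacy", "version": "9.5.0", "dmz_proxy": False},
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:8s} {', '.join(hosts) or '-'}")
```

Because the description ties exploitability to the DMZ proxy being off, hosts fronted by the proxy land in a separate bucket rather than being reported as safe: the fixed releases apply to them as well, and the helper is a prioritisation aid, not a reason to skip the patch. Feed it whatever version strings your inventory already holds; it deliberately returns "unknown" rather than guessing for strings it cannot parse.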
Available Exploits
Related News
WatchTowr Labs uncovers a zero-day exploit (CVE-2025-54309) in CrushFTP. The vulnerability lets hackers gain admin access via the…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability CVE-2025-6558 Google Chromium ANGLE a…
Hackers exploit CrushFTP zero-day, tracked as CVE-2025-54309, to gain admin access via HTTPS when DMZ proxy is off. Threat actors are exploiting a zero-day vulnerability, tracked as CVE-2025-54309 (CVSS score of 9.0), in the managed file transfer software Cru…
CVE-2025-54309 could allow remote attackers to obtain admin access via HTTPS
Unknown attackers have exploited a vulnerability (CVE-2025-54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this access for, but data t…
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild
Remediation Status
Due Date
Added to KEV
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Product
Ransomware Risk
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: July 30, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: July 18, 2025, Modified: July 19, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
CVE-2025-54309: CrushFTP Remote Admin Takeover | Fidelis Security CVE-2025-54309 is a critical, actively exploited zero-day in CrushFTP (versions before 10.8.5 and 11.3.4_23 when DMZ proxy is not used), caused by mishandled AS2 validation. It permits remote attackers to gain admin access via HTTPS. Immediate patching is essential.
The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309) - watchTowr Labs
RESEARCH: Critical Zero-Day in CrushFTP Actively Exploited Our research team has been diving into the details of this ongoing attack. Make sure you're informed to talk to your clients and patch any vulnerabilities. On July 18, 2025, CrushFTP, a leading provider of managed file transfer (MFT) software, disclosed a critical …
New Critical CrushFTP CVE-2025-54309 RCE Explained + PoC