CVE-2025-54309

CRITICAL
Published 2025-07-18T00:00:00.000Z
CVSS Score

V3.1
9.0
/10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score Metrics (decoded from the CVSS vector above)

Attack Vector Metrics

Attack Vector: Network (AV:N)
Attack Complexity: High (AC:H)
Privileges Required: None (PR:N)
User Interaction: None (UI:N)
Scope: Changed (S:C)

Impact Metrics

Confidentiality: High (C:H)
Integrity: High (I:H)
Availability: High (A:H)

Description

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

Available Exploits

No exploits available for this CVE.

Related News

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability CVE-2025-6558 Google Chromium ANGLE a…

Cisa.gov 2025-07-22 12:00
CrushFTP zero-day actively exploited at least since July 18

Hackers exploit CrushFTP zero-day, tracked as CVE-2025-54309, to gain admin access via HTTPS when DMZ proxy is off. Threat actors are exploiting a zero-day vulnerability, tracked as CVE-2025-54309 (CVSS score of 9.0), in the managed file transfer software Cru…

Securityaffairs.com 2025-07-22 10:31
New CrushFTP Critical Vulnerability Exploited in the Wild

CVE-2025-54309 could allow remote attackers to obtain admin access via HTTPS

Infosecurity Magazine 2025-07-21 13:00
Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309)

Unknown attackers have exploited a vulnerability (CVE-2025-54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this access for, but data t…

Help Net Security 2025-07-21 12:02
Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ pr…

Internet 2025-07-20 07:35

Affected Products

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

Remediation Status

On Track

Due Date

August 12, 2025 (18 days remaining)

Added to KEV

July 22, 2025

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Product

Vendor/Project: CrushFTP
Product: CrushFTP

Ransomware Risk

Known Ransomware Use

KEV Catalog Version: 2025.07.22
Released: July 22, 2025

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

ENISA Analysis

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

Affected Products (ENISA)

crushftp
crushftp

ENISA Scoring

CVSS Score (3.1)

9.0
/10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

7.440
probability

Data provided by ENISA EU Vulnerability Database. Last updated: July 22, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-rh5q-v9ww-rqgm

Advisory Details

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Advisory provided by GitHub Security Advisory Database. Published: July 18, 2025, Modified: July 19, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

5 posts
Reddit 1 hour, 48 minutes ago
Steve_Dobbs_69

CVE-2025-54309: Critical Vulnerability in CrushFTP Allowing Remote Admin Access

Reddit 2 days, 13 hours ago
CyberMaterial
Exploit

What’s happening in cybersecurity today? **Cyber Alerts** • 3,500 websites hijacked to mine crypto via JavaScript and WebSockets (Bfore.ai) • 7-Zip RAR5 bug (CVE-2025-53816) allows system crashes through crafted archives (Security Report) • CrushFTP zero-day (CVE-2025-54309) enables unauthenticated RCE via HTTP(S) (CrushFTP) **Major Incidents** • CoinDCX loses $44M from internal …

Also mentions: CVE-2025-53816
Reddit 2 days, 17 hours ago
crstux
Exploit

🔥 Top 10 Trending CVEs (22/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53816](https://nvd.nist.gov/vuln/detail/CVE-2025-53816)** - 📝 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in …

Reddit 3 days, 17 hours ago
crstux
Exploit

🔥 Top 10 Trending CVEs (21/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53771](https://nvd.nist.gov/vuln/detail/CVE-2025-53771)** - 📝 Microsoft SharePoint Server Spoofing Vulnerability - 📅 **Published:** 20/07/2025 - 📈 **CVSS:** 6.3 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C - 📣 **Mentions:** 9 - 📝 **Analysis:** A SharePoint Server spoofing …

Reddit 4 days, 12 hours ago
_cybersecurity_
Exploit

Hackers Target CrushFTP with Critical Vulnerability for Admin Access **A serious security flaw in CrushFTP is currently being exploited by hackers to gain unauthorized admin access on unpatched servers.** **Key Points:** - CVE-2025-54309 has a CVSS score of 9.0, indicating critical severity. - Attackers can exploit this flaw remotely without …


References

Published: 2025-07-18T00:00:00.000Z
Last Modified: 2025-07-19T00:27:15.264Z