CrushFTP Authentication Bypass Vulnerability Exploited in the Wild (CVE-2025-54309)
CrushFTP warned its users about active exploitation of a zero-day vulnerability tracked as CVE-2025-54309. Successful exploitation of this vulnerability may allow remote attackers to obtain admin access via HTTPS on vulnerable servers. The vendor mentioned in the advisory that they observed many exploits on the morning of July 18th; the actual exploits may have occurred …
Tag: CrushFTP
CrushFTP Authentication Bypass Vulnerability Exploited in Attacks (CVE-2025-31161)
Threat actors target an authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. Tracked as CVE-2025-31161, the vulnerability has a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow unauthenticated attackers to bypass authentication and gain unauthorized access. CISA added …