CrushFTP warned its users about active exploitation of a zero-day vulnerability tracked as CVE-2025-54309. Successful exploitation of this vulnerability may allow remote attackers to obtain admin access via HTTPS on vulnerable servers. The vendor mentioned in the advisory that they observed many exploits on the morning of July 18th; the actual exploits may have occurred … Continue reading “CrushFTP Authentication Bypass Vulnerability Exploited in the Wild (CVE-2025-54309)”