
Critical CrushFTP Flaw (CVE-2025-54309) Exploited: Check If You’re at Risk

Summary

– Attackers exploited a vulnerability (CVE-2025-54309) in CrushFTP to gain administrative access, with data theft being the likely motive.
– Around 1,040 exposed and unpatched CrushFTP instances are vulnerable, mainly in the US, Europe, and Canada.
– The vulnerability stems from mishandling AS2 validation, allowing unauthenticated attackers to access CrushFTP web interfaces via HTTPS.
– CrushFTP versions 10 (prior to v10.8.5) and 11 (prior to v11.3.4_23) are affected, but patched versions are secure.
– Organizations using CrushFTP should check for breaches, upgrade to the latest version, and follow mitigation advice from developers.

A newly discovered vulnerability in CrushFTP (CVE-2025-54309) is being actively exploited, putting enterprise file-transfer servers at risk of unauthorized administrative access. Security researchers warn that attackers have already targeted unpatched systems, though the full scope of the breach remains unclear.

The Shadowserver Foundation reports approximately 1,040 exposed CrushFTP instances remain vulnerable, primarily in the US, Europe, and Canada. While the exact number of compromised systems is unknown, organizations using outdated versions should immediately verify their security status.

The company confirmed that versions before CrushFTP 10.8.5 and 11.3.4_23 are at risk. While the latest updates include fixes, some organizations may still be running outdated deployments.
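The quickest way to act on the version boundaries above is to compare every CrushFTP instance in an inventory against them. The script below is an added example, not CrushFTP's own tooling or anything from the article: it parses version strings of the shape the article quotes (dotted numbers with an optional `_build` suffix, such as `11.3.4_23`), classifies each as affected, patched, or unknown (major lines other than 10 and 11, which the article does not describe), and triages a constructed, hypothetical host list. The hostnames and versions in `INVENTORY` are made up for illustration.

```python
"""Classify CrushFTP versions against the fixed releases named for CVE-2025-54309.

Added example (not CrushFTP's or the article's code). Assumes version strings
look like "10.8.5" or "11.3.4_23": up to three dotted numbers plus an optional
"_build" suffix. A release with no build suffix sorts below any build of the
same base version, so "11.3.4" is older than "11.3.4_23".
"""
import re
from typing import Dict, List, Tuple

# Earliest fixed release per affected major line, as stated in the article.
FIXED_VERSIONS: Dict[int, str] = {10: "10.8.5", 11: "11.3.4_23"}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+){0,2})(?:_(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '11.3.4_23' into (11, 3, 4, 23) and '10.8.5' into (10, 8, 5, 0).

    Always returns a 4-tuple so tuple comparison is position-aligned.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised CrushFTP version string: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))          # pad to major.minor.patch
    build = int(m.group(2) or 0)            # missing build suffix counts as 0
    return (nums[0], nums[1], nums[2], build)


def assess(version: str) -> str:
    """Return 'affected', 'patched', or 'unknown' for one version string."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        # The article only covers the 10.x and 11.x lines; anything else
        # needs a manual look rather than a guess either way.
        return "unknown"
    return "affected" if parsed < parse_version(fixed) else "patched"


# Constructed inventory for the example: hypothetical hosts, not real systems.
INVENTORY: List[Tuple[str, str]] = [
    ("ftp-dmz-01.example.internal", "11.3.4_23"),   # at the fixed build
    ("ftp-legacy.example.internal", "10.8.4"),      # one behind the 10.x fix
    ("ftp-partner.example.internal", "11.3.4"),     # base release, no build
    ("ftp-old.example.internal", "9.5.0"),          # line not covered above
]


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hostnames by assessment so the affected list can drive upgrades."""
    report: Dict[str, List[str]] = {"affected": [], "patched": [], "unknown": []}
    for host, ver in inventory:
        report[assess(ver)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Feed `triage` from whatever holds the real version data (a CMDB export, a scan result), and treat every host in the `affected` list as a candidate for the developer-supplied IoC checks before upgrading, since a current version says nothing about whether the box was hit while it was still old.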

CrushFTP developers have provided indicators of compromise (IoCs) and remediation steps for impacted organizations. While some enterprise setups with DMZ-protected instances may have avoided exploitation, security experts caution against relying solely on network segmentation for protection.

For real-time updates on emerging threats, consider subscribing to cybersecurity bulletins. Staying informed is the first step in preventing breaches before they occur.

(Source: HelpNet Security)
