CrushFTP CVE-2025-54309 Authentication Bypass Vulnerability Exploited

CrushFTP has reported active exploitation of the CVE-2025-54309 vulnerability, enabling remote attackers to gain admin access via HTTPS on unpatched servers. The attacks began around July 17, 2025, with threat actors leveraging previously used scripts to exploit devices running outdated versions of CrushFTP.

Affected Versions

CrushFTP 10 versions before 10.8.5
CrushFTP 11 versions before 11.3.4_23

Recommended Actions

Upgrade to CrushFTP 11.3.4_26 or 10.8.5_12.
Implement IP whitelisting and limit admin access.

Indicators of Compromise

Recent modifications to MainUsers/default/user.XML.
Unexpected admin access for regular users.
Long random user IDs created.
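A defender-side sweep for the first and third indicators above, added here as an example and not CrushFTP's own tooling. It assumes user files live at <root>/MainUsers/<domain>/<user>/user.XML (the advisory names only MainUsers/default/user.XML), uses the advisory's July 17, 2025 start date as the cutoff, and builds a constructed sample tree in a temp directory.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# Assumed layout (the advisory names only MainUsers/default/user.XML): <root>/MainUsers/<domain>/<user>/user.XML
CUTOFF = datetime(2025, 7, 17, tzinfo=timezone.utc).timestamp()  # advisory: attacks began around July 17, 2025
RANDOM_ID = re.compile(r"^[A-Za-z0-9]{20,}$")  # heuristic for the "long random user IDs" indicator

def looks_random(name: str) -> bool:
    """Heuristic: 20+ alphanumerics mixing letters and digits, unlike a human-chosen username."""
    return bool(RANDOM_ID.match(name)) and any(c.isdigit() for c in name) and any(c.isalpha() for c in name)

def scan_main_users(root: str, cutoff: float = CUTOFF) -> list:
    """Return (domain, user, reasons) for each user.XML modified on/after cutoff or owned by a random-looking ID."""
    findings = []
    for domain in sorted(os.listdir(root)):
        dpath = os.path.join(root, domain)
        if not os.path.isdir(dpath):
            continue
        for user in sorted(os.listdir(dpath)):
            xml = os.path.join(dpath, user, "user.XML")
            if not os.path.isfile(xml):
                continue
            reasons = []
            if os.path.getmtime(xml) >= cutoff:
                reasons.append("user.XML modified after cutoff")
            if looks_random(user):
                reasons.append("long random user ID")
            if reasons:
                findings.append((domain, user, reasons))
    return findings

def build_sample(root: str) -> None:
    """Constructed sample tree: a stale legitimate user, a recently modified user, and a random-looking ID."""
    old = datetime(2024, 1, 1, tzinfo=timezone.utc).timestamp()
    new = datetime(2025, 7, 20, tzinfo=timezone.utc).timestamp()
    for user, mtime in (("alice", old), ("bob", new), ("a8Fz3kQ9pLm2Xc7VbN1rTy5W", new)):
        udir = os.path.join(root, "MainUsers", "default", user)
        os.makedirs(udir)
        xml = os.path.join(udir, "user.XML")
        with open(xml, "w") as fh:
            fh.write("<user/>\n")  # placeholder content; only the mtime matters for this check
        os.utime(xml, (mtime, mtime))

def demo() -> list:
    """Build the constructed sample in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return scan_main_users(os.path.join(tmp, "MainUsers"))
```

Point scan_main_users at the real MainUsers directory to get the same (domain, user, reasons) tuples; the second indicator (unexpected admin rights) still needs a manual review of each flagged user.XML.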