CVE-2025-54309 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-07-18

Added to CISA KEV: 2025-07-22 4 DAYS BETWEEN CVE AND KEV

IMMEDIATE: Update CrushFTP to version 10.8.5+ or 11.3.4_23+ immediately
URGENT: If patching not immediately possible, implement DMZ proxy feature as recommended by vendor
Monitor CrushFTP access logs for suspicious admin access attempts via HTTPS
Conduct forensic analysis of any CrushFTP instances for signs of compromise
This is CRITICAL priority patching due to CISA KEV listing and active exploitation

CVE-2025-54309: Crush FTP Vulnerability Exploited in the Wild
This vulnerability in the CrushFTP managed file transfer software web interface is being exploited in the wild.
eSentire | CrushFTP Zero-Day Vulnerability CVE-2025-54309
Given the large number of exposed, internet-facing vulnerable instances and ongoing exploitation of the CVE-2025-54309, organizations are strongly urged to ...
Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on ...
A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not...
First Look at CVE-2025-54309: Dissecting the Latest CrushFTP Exploit
ReliaQuest observed an attempted exploitation of CVE-2025-54309—a zero-day vulnerability in CrushFTP’s file transfer software.
CVE-2025-54309: Critical Admin Access Vulnerability in... - IONIX
Exploitation Methods CVE-2025-54309. To exploit this vulnerability, an attacker: Identifies a target CrushFTP instance that

🔴 CVE-2025-54309