Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers
A critical security flaw in CrushFTP, identified as CVE-2025-54309, has been disclosed and is currently being exploited in the wild. The vulnerability allows remote attackers to gain admin access on unpatched servers through mishandled AS2 validation when the DMZ proxy feature is not used.
CVE
Exploit
Vulnerability
Read Full Original Article →