Critical CrushFTP Vulnerability: Hackers Gain Admin Access on Unpatched Servers

Discover the critical CrushFTP flaw actively exploited by hackers and how to protect your server. Learn about the vulnerability, its impact, and mitigation strategies.

TL;DR

  • A critical security flaw in CrushFTP, assigned CVE-2025-54309, is being actively exploited by hackers to gain admin access.
  • The vulnerability affects CrushFTP versions 10 before 10.8.5 and 11 before 11.3.4_23, carrying a CVSS score of 9.0.
  • Users are urged to update their CrushFTP installations immediately to mitigate this risk.

Critical CrushFTP Flaw Actively Exploited by Hackers

A newly disclosed critical security flaw in CrushFTP is currently being exploited by hackers in the wild. This vulnerability, assigned the identifier CVE-2025-54309, carries a CVSS score of 9.0, indicating its severe nature.

The flaw affects CrushFTP versions 10 before 10.8.5 and 11 before 11.3.4_23, particularly when the DMZ proxy feature is not used. The vulnerability arises from the mishandling of AS2 validation, allowing remote attackers to obtain admin access via HTTPS [1].

Impact and Mitigation

The impact of this vulnerability is significant, as it grants unauthorized admin access to attackers, potentially leading to data breaches, system compromises, and further malicious activities.

To mitigate this risk, users are strongly advised to update their CrushFTP installations to the latest versions immediately. This will ensure that the vulnerability is patched and the system is secured against potential attacks.
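To help confirm which installations still sit inside the affected ranges quoted above, here is an added inventory check (example code written for this post, not CrushFTP's own tooling). It assumes version strings look like "10.8.5" or "11.3.4_23", that the "_NN" suffix is a build number, and that a missing suffix counts as build 0; the hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import List, Tuple

# Lowest fixed version per affected major line, as stated in the advisory:
# 10.x before 10.8.5 and 11.x before 11.3.4_23 are affected.
FIXED_VERSIONS = {
    10: (10, 8, 5, 0),
    11: (11, 3, 4, 23),
}

# major.minor.patch with an optional _build suffix (assumed CrushFTP convention)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '11.3.4_23' into (11, 3, 4, 23) so versions compare as tuples.

    Assumption: a version without a '_NN' suffix is treated as build 0.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised CrushFTP version string: {text!r}")
    major, minor, patch, build = match.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def is_affected(version_text: str) -> bool:
    """True when the version is older than the fixed release of its major line."""
    version = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(version[0])
    if fixed is None:
        # Major lines not named in the advisory (e.g. 9.x) are not flagged here.
        return False
    return version < fixed


def affected_hosts(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return hostnames whose reported version still needs the update."""
    return [host for host, version in inventory if is_affected(version)]


# Constructed sample inventory: (hostname, reported CrushFTP version)
SAMPLE_INVENTORY = [
    ("ftp-a.example.internal", "11.3.4_23"),  # patched
    ("ftp-b.example.internal", "11.3.4_19"),  # older build of the same release
    ("ftp-c.example.internal", "10.8.5"),     # patched
    ("ftp-d.example.internal", "10.8.2"),     # affected
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update required (CVE-2025-54309)")
```

Feed it the version strings from your own asset inventory; anything it reports should be scheduled for the update the advisory recommends.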

Conclusion

The active exploitation of the CVE-2025-54309 vulnerability in CrushFTP underscores the importance of timely updates and vigilant security practices. By keeping software up-to-date and being aware of emerging threats, organizations can better protect themselves against cyber attacks.

References

  1. The Hacker News (2025). “Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers”. Retrieved 2025-07-20.

This post is licensed under CC BY 4.0 by the author.