CrushFTP zero-day exploited in attacks to gain admin access on servers

Threat Level

76% BleepingComputer 7 hours ago Part of cluster #1265

CrushFTP zero-day exploited in attacks to gain admin access on servers Lawrence Abrams July 18, 2025 06:24 PM 0 CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. CrushFTP is an enterprise file transfer server used by organizations to securely and manage files over FTP, SFTP, HTTP/S, and other protocols. According to CrushFTP, threat ac...

Continue Reading on Original Site

Threat Intelligence

Ransomware 3

Attack Types 1

Ransomware

Vulnerabilities 1

Zero-Day

Business Intelligence

Companies 2

Google Qualcomm

Security Vendors 1

Rapid7

Platforms 2

Windows WordPress

Technical Indicators

CVEs 1

CVE-2025-54309

File Hashes

7a0d26089ac52894...

Information

Article ID: #3859
Published: 7 hours ago
Source: BleepingComputer

CrushFTP zero-day exploited in attacks to gain admin access on servers

Recommended Articles

2025-07-19 - Cluster AI Daily Threat Brief

Novel malware from Russia’s APT28 prompts LLMs to create malicious Windows commands

CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks

New CrushFTP zero-day exploited in attacks to hijack servers

Russian alcohol retailer WineLab closes stores after ransomware attack

Recommended Articles

2025-07-19 - Cluster AI Daily Threat Brief

Novel malware from Russia’s APT28 prompts LLMs to create malicious Windows commands

CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks

New CrushFTP zero-day exploited in attacks to hijack servers

Russian alcohol retailer WineLab closes stores after ransomware attack

Save to Folder

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies