New CrushFTP zero-day exploited in attacks to hijack servers
Lawrence Abrams
July 18, 2025
06:24 PM
0
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.
CrushFTP is an enterprise file transfer server used by organizations to securely and manage files over FTP, SFTP, HTTP/S, and other protocols.
According to CrushFTP, threat actors were ...
