A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifierCVE-2025-54309, the vulnerability carries a CVSS score of 9.0.
"CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS," according to adescriptionof the vulnerability in the NIST's National Vulnerability Database (NVD).
CrushFTP, in an ...
SharePoint Under Attack: Microsoft Warns of Zero-Day Exploited in the Wild – No Patch Available
SecurityWeek
1 hour ago
Enterprises running SharePoint servers should not wait for a fix for CVE-2025-53770 and should commence threat hunting to for compromise immediately....
