Over 1,000 CrushFTP servers exposed to ongoing hijack attacks
Sergiu Gatlan
July 21, 2025
07:34 AM
0
Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface.
The security vulnerability (CVE-2025-54309) is due to mishandled AS2 validation and impacts all CrushFTP versions below 10.8.5 and 11.3.4_23. The vendortagged the flaw as actively exploitedin the wild on July 19th, noting that a...