A critical zero-day flaw in the CrushFTP managed file-transfer platform was confirmed after vendor and threat-intelligence sources confirmed active exploitation beginning on 18 July 2025 at 09:00 CST. Tracked as CVE-2025-54309, the bug allows unauthenticated attackers to obtain full administrative control of vulnerable servers over HTTPS. CrushFTP says the issue was inadvertently resolved in builds […]...
CrushFTP zero-day exploited in attacks to gain admin access on servers
BleepingComputer
20 hours ago
CrushFTP zero-day exploited in attacks to gain admin access on servers Lawrence Abrams July 18, 2025 06:24 PM 0 CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability ...