A critical vulnerability in CrushFTP, tracked as CVE-2025-54309, is being actively exploited in the wild, posing a significant threat to organizations using the affected versions of the software. The flaw, which has been assigned a CVSS score of 9.8, allows remote attackers to gain administrative access via HTTPS when the DMZ proxy feature is not utilized. This vulnerability impacts CrushFTP versions 10 before 10.8.5 and 11 before 11.3.4_23.
The vulnerability was publicly disclosed on July 18, 2025, and within just four days, attackers began exploiting it, highlighting the urgency for organizations to address this issue. The flaw is listed in the Known Exploited Vulnerabilities (KEV) catalog as of July 22, 2025, underscoring its critical nature and the need for immediate remediation.
CVE-2025-54309 stems from improper handling of AS2 validation, categorized under CWE-420. This allows attackers to bypass authentication mechanisms and potentially take control of the affected systems. The exploitation of this vulnerability can lead to unauthorized access to sensitive data and systems, making it a prime target for cybercriminals.
Proof-of-concept (PoC) exploits for this vulnerability have been made publicly available, with at least seven different PoCs circulating online. This availability of PoCs increases the risk of exploitation, as it lowers the barrier for attackers to launch successful attacks against vulnerable systems.
Security experts recommend that organizations using CrushFTP immediately update to the latest versions—10.8.5 or 11.3.4_23—to mitigate the risk of exploitation. Additionally, enabling the DMZ proxy feature can provide an additional layer of protection against this specific attack vector.
Given the high Exploit Prediction Scoring System (EPSS) score of 0.778, the likelihood of exploitation is significant, and organizations should prioritize patching this vulnerability. The Security Stakeholder Value Chain (SSVC) has also categorized this vulnerability as "act," indicating that immediate action is necessary to prevent potential breaches.
Organizations are advised to review their systems for any signs of compromise and ensure that all security patches are up to date. Monitoring network traffic for unusual activity and implementing additional security measures, such as multi-factor authentication, can further help protect against unauthorized access.
As cyber threats continue to evolve, staying informed about vulnerabilities like CVE-2025-54309 and taking proactive measures to secure systems is crucial for maintaining the integrity and security of organizational data and infrastructure.
CSURFACE