× News Alerts AI News CyberSec News Let's Talk Local AI Bank Tech News Cyber Advisories Contact

CrushFTP zero-day exploited, attackers gain admin access

Newsroom - 24 July 2025 - 13:31

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.

CrushFTP zero-day exploited, attackers gain admin access

CrushFTP has issued a caution regarding an active zero-day vulnerability, designated as CVE-2025-54309, which threat actors are currently exploiting.

This flaw grants attackers administrative access to vulnerable servers through their web interface. Although the initial detection of threat actors leveraging this vulnerability occurred on July 18th at 9AM CST, it is conceivable that the activity commenced during the early hours of the preceding day.

CrushFTP zero-day vulnerability CVE-2025-54309 administrative access

CrushFTP zero-day exploited, attackers gain admin access

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.

Subscribe for AI & Cybersecurity news and insights