CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild


On Friday, July 18, 2025, managed file transfer vendor CrushFTP released information to a private mailing list on a new critical vulnerability, tracked as CVE-2025-54309, affecting versions below 10.8.5 and 11.3.4_23 across all platforms.

According to the public-facing vendor advisory, this vulnerability in the CrushFTP managed file transfer software web interface is being exploited in the wild. Based on the Indicators of Compromise provided in the advisory, a “last_logins” value set for the internal ‘default’ user account is indicative of exploitation.

Read more…
Source: Rapid7


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Android: New StrandHogg vulnerability is being exploited in the wild

    December 2, 2019

    Security researchers from Promon, a Norwegian firm specialized in in-app security protections, said they identified a bug in the Android operating system that lets malicious apps hijack legitimate app, and perform malicious operations on their behalf. In a comprehensive report published today, the research team said the vulnerability can be used to trick users into granting intrusive permissions ...

  • Exploit code published for dangerous Apache Solr remote code execution flaw

    November 25, 2019

    Confusion still surrounds a security bug that the Apache Solr team patched over the summer, which turns out it’s actually much more dangerous than anyone thought. Apache Solr is a Java-based open-source search engine, initially developed to add search functionality to the CNET website. The project was donated to the Apache Software Foundation in 2006, from where ...

  • Critical Flaws in VNC Threaten Industrial Environments

    November 22, 2019

    The open-source Virtual Network Computing (VNC) project, often found in industrial environments, is plagued with 37 different memory-corruption vulnerabilities – many of which are critical in severity and some of which could result in remote code execution (RCE). According to researchers at Kaspersky, they potentially affect 600,000 web-accessible servers in systems that use the code. The ...

  • High-Severity Windows UAC Flaw Enables Privilege Escalation

    November 20, 2019

    Researchers disclosed details of a high-severity Microsoft Windows vulnerability that could give attackers elevated privileges – ultimately allowing them to install programs, and view, change or delete data. The bug stems from User Account Control (UAC), a security feature of Windows within Secure Desktop which helps prevent unauthorized changes to the operating system. “With UAC fully ...

  • New Roboto botnet emerges targeting Linux servers running Webmin

    November 20, 2019

    A cybercrime group is enslaving Linux servers running vulnerable Webmin apps into a new botnet that security researchers are currently tracking under the name of Roboto. The botnet’s appearance dates back to this summer and is linked to the disclosure of a major security flaw in a web app installed on more than 215,000 servers — ...

  • Thousands of businesses vulnerable to ‘severe’ Oracle EBS flaws

    November 20, 2019

    Security researchers at Onapsis have discovered a number of ‘severe’ vulnerabilities in Oracle’s E-Business Suite (EBS) that could leave more than 21,000 organisations at risk of financial theft and fraud. Oracle EBS has become a critical set of products that help to integrate customer relationship management (CRM), enterprise resource planning (ERP) and supply chain management processes within a ...