Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2025-54309NVD

Description

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

Severity Level

CRITICAL (9.0)

Published Date

18/07/2025

Last Modified

23/07/2025

Exploitation Status

ACTIVE

References

https://www.bleepingcomputer.com/news/security/crushftp-zero-day-exploited-in-attacks-to-gain-admin-access-on-servers/
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CompromiseJuly2025
https://www.rapid7.com/blog/post/crushftp-zero-day-exploited-in-the-wild/

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

Advanced Threat Data Export

CVE-2025-54309NVD

Description

References