CrushFTP

PoC Available: CrushFTP Zero-Day (CVE-2025-54309) Exploited in the Wild

• Vulnerability Report

PoC Available: CrushFTP Zero-Day (CVE-2025-54309) Exploited in the Wild

Do Son August 28, 2025 0

watchTowr Labs has released a detailed analysis of CVE-2025-54309, a zero-day authentication bypass vulnerability in CrushFTP, the...

Read More Read more about PoC Available: CrushFTP Zero-Day (CVE-2025-54309) Exploited in the Wild

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog

• Vulnerability Report

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog

Do Son July 23, 2025 0

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with four...

Read More Read more about CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog

CVE-2025-54309: CrushFTP Targeted in Active Exploits Due to Unpatched Zero-Day Vulnerability

• Vulnerability Report

CVE-2025-54309: CrushFTP Targeted in Active Exploits Due to Unpatched Zero-Day Vulnerability

Do Son July 19, 2025 0

CrushFTP, a widely used secure file transfer server, has issued an urgent advisory regarding a critical zero-day...

Read More Read more about CVE-2025-54309: CrushFTP Targeted in Active Exploits Due to Unpatched Zero-Day Vulnerability

CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities (CVE-2025-32102 & CVE-2025-32103)

• Vulnerability

CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities (CVE-2025-32102 & CVE-2025-32103)

Do Son April 15, 2025 0

CrushFTP, a popular file transfer server, is facing increased scrutiny following the discovery of two significant security...

Read More Read more about CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities (CVE-2025-32102 & CVE-2025-32103)

CrushFTP Hacked: Exploit CVE-2025-2825 with PoC and Nuclei Template

• Vulnerability

CrushFTP Hacked: Exploit CVE-2025-2825 with PoC and Nuclei Template

Do Son March 31, 2025 0

ProjectDiscovery has published a technical breakdown of CVE-2025-2825, a critical authentication bypass flaw in CrushFTP—a widely used...

Read More Read more about CrushFTP Hacked: Exploit CVE-2025-2825 with PoC and Nuclei Template

CVE-2025-2825: Critical Vulnerability in CrushFTP Exposes Servers to Unauthenticated Access Risk

• Vulnerability

CVE-2025-2825: Critical Vulnerability in CrushFTP Exposes Servers to Unauthenticated Access Risk

Do Son March 27, 2025 0

Admins urged to patch immediately as CrushFTP discloses high-severity flaw impacting versions 10 and 11. A new...

Read More Read more about CVE-2025-2825: Critical Vulnerability in CrushFTP Exposes Servers to Unauthenticated Access Risk

CVE-2024-53552 (CVSS 9.8): CrushFTP Flaw Exposes Users to Account Takeover

• Vulnerability

CVE-2024-53552 (CVSS 9.8): CrushFTP Flaw Exposes Users to Account Takeover

Do Son December 23, 2024 0

CrushFTP, a popular file transfer server known for its robust features and user-friendly interface, has issued an...

Read More Read more about CVE-2024-53552 (CVSS 9.8): CrushFTP Flaw Exposes Users to Account Takeover

CISA Added Critical Vulnerabilities in Cisco Products and CrushFTP to KEV

• Vulnerability

CISA Added Critical Vulnerabilities in Cisco Products and CrushFTP to KEV

Do Son April 24, 2024 0

In a pressing announcement, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert for...

Read More Read more about CISA Added Critical Vulnerabilities in Cisco Products and CrushFTP to KEV

CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign

• Vulnerability

CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign

Do Son April 22, 2024 0

A new critical vulnerability has emerged, targeting users of the popular enterprise file transfer software, CrushFTP. This...

Read More Read more about CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign

CVE-2023-43177: CrushFTP Unauthenticated RCE Zero-Day Vulnerability

• Vulnerability

CVE-2023-43177: CrushFTP Unauthenticated RCE Zero-Day Vulnerability

Do Son November 16, 2023 0

CrushFTP is a widely used file transfer server that facilitates secure file transfers between various devices and...

Read More Read more about CVE-2023-43177: CrushFTP Unauthenticated RCE Zero-Day Vulnerability