
Critical Vulnerability in CrushFTP Exploited by Hackers for Admin Access on Unpatched Servers

A critical vulnerability in CrushFTP, tracked as CVE-2025-54309 (CVSS 9.0), is being exploited in the wild. It affects CrushFTP versions before 10.8.5 and 11.3.4_23 when the DMZ proxy feature is not in use: the server mishandles AS2 validation, allowing a remote attacker to obtain administrative access over HTTPS. Deployments that front CrushFTP with its DMZ proxy are not affected.

CrushFTP detected the exploitation on July 18, 2025, although the attacks may have started earlier. The attack vector is HTTP(S). According to the vendor, the underlying bug had already been removed from current builds as a side effect of an earlier, unrelated fix, so only servers that had not updated remained exposed. The risk is significant because CrushFTP is widely deployed in sensitive environments such as government and healthcare, where an administrative compromise of a file-transfer server can lead directly to data theft and further intrusion.

The attackers reportedly reverse engineered the CrushFTP code to locate the flaw and then targeted instances that had not been updated. The vulnerable code is believed to be present in builds released before roughly July 1, 2025. CrushFTP has published the following indicators of compromise (IoCs) for potentially affected systems:

  • The "default" user has admin access.
  • Unusually long, random-looking user IDs appearing in the user list.
  • New usernames created with administrative privileges.
  • A recent modification timestamp on the "MainUsers/default/user.xml" file.
  • Buttons disappearing from the end-user web interface, and regular users suddenly holding admin rights.

To recover and reduce exposure, CrushFTP advises restoring the default user's settings from a backup taken before the compromise, reviewing upload and download reports for unusual activity, restricting administrative and server access to specific IP addresses, and making sure automatic updates are enabled. Above all, update to 10.8.5 or 11.3.4_23 or later; any instance still on an older build should be treated as potentially compromised and checked against the IoCs above.
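The IoC list and the backup-based recovery step above translate naturally into a triage check an administrator can run against a CrushFTP user store. The script below is an added example, not code from CrushFTP or from the original article. It assumes (these details are not on the page) that user records live at users/MainUsers/<username>/user.xml and that each file is a small <user> document with <username> and <admin> child elements; adjust the paths, element names and the "random ID" heuristic to match your installation. The sample records and timestamps are constructed for illustration.

```python
"""Triage helper for the CrushFTP CVE-2025-54309 IoCs (added example, not vendor code).

Assumed layout (not from the page):  <users_root>/MainUsers/<username>/user.xml
Assumed record schema (not from the page):  <user><username>..</username><admin>true|false</admin></user>
"""
import os
import re
import time
import xml.etree.ElementTree as ET  # for XML you do not control, prefer defusedxml

# Heuristic for the "unusually long and random user IDs" indicator: 20+ characters,
# letters and digits only, both present. Tune to what your user list actually shows.
RANDOM_ID_RE = re.compile(r"^(?=.*[0-9])(?=.*[A-Za-z])[A-Za-z0-9]{20,}$")


def parse_user(xml_text):
    """Return {'username': str, 'admin': bool} from one (assumed-schema) user.xml."""
    root = ET.fromstring(xml_text)
    username = (root.findtext("username") or "").strip()
    admin = (root.findtext("admin") or "false").strip().lower() == "true"
    return {"username": username, "admin": admin}


def looks_random(username):
    """True if the username matches the generated-ID heuristic."""
    return bool(RANDOM_ID_RE.match(username))


def triage(users, default_user_mtime, cutoff, expected_admins):
    """Evaluate the published IoCs over parsed user records.

    users:              list of dicts from parse_user()
    default_user_mtime: mtime (epoch seconds) of MainUsers/default/user.xml
    cutoff:             epoch seconds of your last known-good backup
    expected_admins:    set of usernames that are supposed to hold admin
    Returns a list of finding strings; an empty list means no IoC matched.
    """
    findings = []
    for u in users:
        name, admin = u["username"], u["admin"]
        if name == "default" and admin:
            findings.append("default user has admin access")
        if looks_random(name):
            findings.append(f"random-looking user ID: {name}")
        if admin and name != "default" and name not in expected_admins:
            findings.append(f"unexpected admin user: {name}")
    if default_user_mtime > cutoff:
        findings.append("MainUsers/default/user.xml modified after cutoff")
    return findings


def scan_users_root(users_root):
    """Walk <users_root>/MainUsers/*/user.xml (assumed layout) on a real install.

    Returns (users, mtime of MainUsers/default/user.xml, or 0.0 if absent).
    """
    users, default_mtime = [], 0.0
    for dirpath, _dirs, files in os.walk(os.path.join(users_root, "MainUsers")):
        if "user.xml" not in files:
            continue
        path = os.path.join(dirpath, "user.xml")
        with open(path, "rb") as fh:
            users.append(parse_user(fh.read()))
        if os.path.basename(dirpath) == "default":
            default_mtime = os.path.getmtime(path)
    return users, default_mtime


# Constructed sample records (not real data): the default account holding admin,
# one legitimate admin, one regular user, and one generated-looking admin account.
SAMPLE_USER_XML = [
    "<user><username>default</username><admin>true</admin></user>",
    "<user><username>ops-admin</username><admin>true</admin></user>",
    "<user><username>alice</username><admin>false</admin></user>",
    "<user><username>4f1c9e2ab7d08c5e3a6b9d0f12e4c7a8</username><admin>true</admin></user>",
]
# Constructed timestamps: backup from 16 July 2025, default/user.xml touched 3 days later.
SAMPLE_CUTOFF = time.mktime(time.strptime("2025-07-16", "%Y-%m-%d"))
SAMPLE_DEFAULT_MTIME = SAMPLE_CUTOFF + 3 * 86400


def run_sample():
    """Run the triage over the constructed sample; returns the findings list."""
    users = [parse_user(x) for x in SAMPLE_USER_XML]
    return triage(users, SAMPLE_DEFAULT_MTIME, SAMPLE_CUTOFF, expected_admins={"ops-admin"})


if __name__ == "__main__":
    # On a live host: users, mtime = scan_users_root("/path/to/CrushFTP/users")
    for finding in run_sample():
        print("IOC:", finding)
```

On a real host, replace run_sample() with scan_users_root() pointed at the CrushFTP users directory and pass the timestamp of your last trusted backup as the cutoff; any finding other than an empty list warrants restoring the default user from that backup and reviewing the transfer reports, as the advisory recommends. Treat the random-ID regex as a starting point only, since legitimate integrations sometimes use long service account names.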

In the broader context, this is one of several significant vulnerabilities to hit CrushFTP over the past year, suggesting the product has become a recurring target for capable threat actors. Organizations running CrushFTP should reassess their exposure and patch-management practices, in particular how quickly an internet-facing file-transfer server receives vendor updates.
