Full Report
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. [...]
Analysis Summary
# Vulnerability: CrushFTP Zero-Day Exploited for Admin Access
## CVE Details
- CVE ID: CVE-2025-54309 (stated in the report excerpt above; not repeated elsewhere in the text).
- CVSS Score: Not explicitly provided in the text.
- CWE: Not explicitly provided in the text.
## Affected Systems
- Products: CrushFTP
- Versions: All versions prior to the patch release (specific version numbers are not detailed in the text).
- Configurations: Any running CrushFTP instance.
## Vulnerability Description
A zero-day vulnerability in CrushFTP is actively being exploited in the wild. Successful exploitation grants attackers administrative access to the affected servers; the report excerpt states that this access is obtained via the web interface. The exact technical nature of the flaw (e.g., RCE, authentication bypass) is not specified, but the outcome is unauthorized elevation to admin privileges.
## Exploitation
- Status: Exploited in the wild
- Complexity: Unknown (Likely Low to Medium, given active exploitation)
- Attack Vector: Network. The report excerpt states that admin access is gained via the web interface, which is consistent with the network-exposed nature of MFT solutions.
## Impact
- Confidentiality: High (Potential for data theft, as MFT solutions are high-value targets)
- Integrity: High (Ability to gain administrative access implies full system control)
- Availability: Unknown (May lead to service disruption)
## Remediation
### Patches
- Vendors have released patches. Users must consult the official CrushFTP advisories for specific version information.
### Workarounds
- Rapid7 advises against relying on a demilitarized zone (DMZ) as a mitigation strategy alone. Users are strongly advised to apply the vendor patches immediately, as perimeter defenses are insufficient.
## Detection
- Detection details are not provided in the source material. Until vendor guidance is available, prioritize monitoring for unexpected administrative logins through the CrushFTP web interface, newly created or modified admin accounts, and unusual activity originating from file transfer sessions.
## References
- Vendor advisories for CrushFTP (Required for patch versions).
- bleepingcomputer.com/news/security/crushftp-zero-day-exploited-in-attacks-to-gain-admin-access-on-servers/
- rapid7.com/blog/post/crushftp-zero-day-exploited-in-the-wild/ (Defanged)