Security researchers have disclosed a critical zero-day vulnerability in CrushFTP, a popular file transfer server solution, that allows attackers to execute arbitrary commands on affected systems without authentication. The vulnerability, tracked as CVE-2025-54309, has been assigned a maximum CVSS score of 9.8 and poses an immediate threat to organizations running vulnerable CrushFTP installations. Authentication Bypass Leads […] The post CrushFTP Hit by Critical 0-Day RCE Vulnerability Full Technical Details and PoC Published appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/crushftp-hit-by-critical-0-day-rce-vulnerability/
