Hackers exploit CrushFTP zero-day, tracked as CVE-2025-54309, to gain admin access via HTTPS when DMZ proxy is off. Threat actors are exploiting a zero-day vulnerability, tracked as CVE-2025-54309 (CVSS score of 9.0), in the managed file transfer software CrushFTP to gain administrative privileges on vulnerable servers via HTTPS. CrushFTP warned of a zero-day that has […]
First seen on securityaffairs.com
Jump to article: securityaffairs.com/180244/hacking/crushftp-zero-day-actively-exploited-at-least-since-july-18.html
