CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Aug 12, 2025
High
CISA KEVCVE-2025-54309
CrushFTP—CrushFTP
CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.
Required Action
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CompromiseJuly2025 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54309
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Jul 22, 2025
- KEV Added
- Jul 22, 2025
- Due Date
- Aug 12, 2025
- Related Articles
- 0
Vendor
CrushFTP
CrushFTP