Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
New CrushFTP zero-day exploited in attacks to hijack servers
Malware and Vulnerabilities
July 21, 2025
Bleepingcomputer
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.
Read More
CrushFTP
zero-day vulnerability
CVE-2025-54309
Administrative Access
Web Interface
Publisher
Previous
A surveillance vendor was caught exploiting a new SS7 a ...
Breaches and Incidents
Next
Microsoft SharePoint servers under attack via zero-day ...
Malware and Vulnerabilities
/https://cyware-ent.s3.amazonaws.com/public_image/techcrunch5ba35766-d2d9-4e6b-b457-26d3ae7b240a.jpg)
/https://cyware-ent.s3.amazonaws.com/public_image/helpnetsecurityf766b2dd-a812-41b1-a94d-d09a1bac0c9c.webp)
