CVE-2025-54309
ENISA EUVD: EUVD-2025-21909
Exploited in the Wild
✓ Confirmed 0-Day
Triaged: March 5, 2026
5 articles
Published: 2025-07-18
EPSS Score
Source: FIRST.org · 2026-05-23
76.8% probability
This CVE has a 76.8% probability of being exploited in the next 30 days.
Top 99.0th percentile of all CVEs
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)
9 CRITICAL
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description
Source: VulnerabilityLookup (CNA)
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.
Affected Products
CrushFTP
CrushFTP
10
11
Attack Intelligence
Exploits & PoC
foregenix/CVE-2025-54309
Exploitation scripts for the CrushFTP CVE-2025-54309: vulnerability
2
2025-09-03
1
2026-01-27
blueisbeautiful/CVE-2025-54309
CrushFTP AS2 Authentication Bypass
0
2025-08-30
0
2025-09-06
0
2025-09-13
6 repos, sorted by ⭐
Signal Intelligence
Confidence: 92%
EPSS: 76.8%
CVSS v3.1: 9
Mentions: 5
Last Seen: Mar 03, 2026
CNA Information
CNA Assigner: mitre
Analyst Note
CVE-2025-54309 is explicitly described in the official CVE description as "exploited in the wild in July 2025", matching the CVE publication date of 2025-07-18. Multiple authoritative sources (BleepingComputer, CERT-EU) explicitly label it as a "zero-day exploited in attacks". The critical CVSS 9.0 score and the vendor patches (10.8.5, 11.3.4_23) confirm that this was an active vulnerability, unpatched at the time, being exploited immediately upon discovery.
Threat Actors 4
Hacking Team · apt_group · 🇮🇹 IT
Infy · apt_group · Information theft and espionage · 🇮🇷 IR
The White Company · apt_group · Information theft and espionage · 🇨🇳 CN
Shadow Network · apt_group · Information theft and espionage · 🇨🇳 CN
Triage Info
Decided at: Mar 05, 2026
Published Date: Jul 18, 2025