Vulnerability Management

2025-09-02

Attacks harnessing CrushFTP zero-day continue


More than 30,000 internet-exposed CrushFTP file transfer servers are at risk of compromise in ongoing attacks exploiting the zero-day flaw tracked as CVE-2025-54309, which the Cybersecurity and Infrastructure Security Agency added to its Known Exploited Vulnerabilities catalog in late July, according to HackRead. Attempted exploitation was observed as a pair of similar HTTP requests repeated over 1,000 times, with only the first carrying a header pointing to the crushadmin user, which indicates a potential race condition, a report from watchTowr Labs showed. When the requests arrive in a particular order, the second is able to exploit the first and gain unauthorized execution as crushadmin, permitting total server takeover and data compromise, watchTowr Labs researchers said. Meanwhile, CrushFTP urged customers to update immediately to the newer versions of the software that address the flaw. "We had fixed a different issue related to AS2 in HTTP(S) not realizing that prior bug could be used like this exploit was. Hackers apparently saw our code change, and figured out a way to exploit the prior bug," said CrushFTP.
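A log-review heuristic built from the watchTowr observation above, added here as an example that is not from the article, from watchTowr Labs or from CrushFTP: it scans constructed request records for back-to-back requests to the same endpoint where only the first names the crushadmin user, and flags clients that repeat the pairing past a threshold. The log line format, the "/AS2" path and the user-header field are all assumptions, since the article names none.

```python
import re
from collections import defaultdict

# Constructed sample log; the line format, the "/AS2" path and the trailing
# user-header field are assumptions (the article names no log format):
# <timestamp> <client-ip> <method> <path> <user-header value, or "-" if absent>
SAMPLE_LOG = """\
2025-07-18T10:00:00.001Z 203.0.113.7 POST /AS2 crushadmin
2025-07-18T10:00:00.002Z 203.0.113.7 POST /AS2 -
2025-07-18T10:00:00.010Z 203.0.113.7 POST /AS2 crushadmin
2025-07-18T10:00:00.011Z 203.0.113.7 POST /AS2 -
2025-07-18T10:00:05.000Z 198.51.100.4 POST /AS2 crushadmin
2025-07-18T10:00:09.000Z 198.51.100.4 GET /WebInterface/ -
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def parse_records(text):
    """Parse log text into dicts, skipping malformed lines instead of crashing."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, method, path, user = m.groups()
            records.append({"ts": ts, "client": client, "method": method,
                            "path": path, "user": None if user == "-" else user})
    return records


def count_admin_pairs(records, admin_user="crushadmin"):
    """Per client, count back-to-back requests to the same method+path where the
    first carries the admin user header and the second omits it (the pairing
    watchTowr described). Records are assumed to be in arrival order."""
    by_client = defaultdict(list)
    for r in records:
        by_client[r["client"]].append(r)
    pairs = {}
    for client, reqs in by_client.items():
        n = 0
        for first, second in zip(reqs, reqs[1:]):
            same_target = (first["method"], first["path"]) == (second["method"], second["path"])
            if same_target and first["user"] == admin_user and second["user"] is None:
                n += 1
        pairs[client] = n
    return pairs


def flag_clients(records, threshold=1000, admin_user="crushadmin"):
    """Clients whose pair count reaches the threshold (the article reports over 1,000)."""
    counts = count_admin_pairs(records, admin_user)
    return sorted(c for c, n in counts.items() if n >= threshold)
```

Lower the threshold when reviewing a short capture; the default reflects the volume the article reports, not a tuned detection value.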

