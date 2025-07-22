Almost half of the vulnerable internet-exposed CrushFTP instances are located in the U.S., a scan from The Shadowserver Foundation revealed. Organizations have already been urged by CrushFTP to update all instances older than versions 10.8.5 and 11.3.4_23, as well as evaluate logs for atypical activity and activate automated updates and IP whitelisting, to ensure defenses against attacks, which may have commenced on Thursday. Such attacks, the details of which remain lacking, come amid intensified targeting of file transfer software, particularly by the Clop ransomware gang. Before its most recent intrusions aimed at vulnerable Cleo software instances, Clop had set sights on Fortra GoAnywhere MFT, MOVEit Transfer, and Accellion FTA appliances to compromise leading organizations across different sectors.
Ongoing takeover intrusions could affect more than 1K CrushFTP servers
BleepingComputer reports that nearly 1,040 CrushFTP enterprise file transfer servers could be potentially taken over in intrusions involving the zero-day flaw, tracked as CVE-2025-54309, which stems from improperly managed AS2 validation.
