VYPR
Unrated severityCISA KEVNVD Advisory· Published Jul 18, 2025· Updated Oct 21, 2025

CVE-2025-54309

CVE-2025-54309

Description

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Crushftp/Crushftpllm-fuzzy2 versions
    <10.8.5 (10.x) and <11.3.4_23 (11.x)+ 1 more
    • (no CPE)range: <10.8.5 (10.x) and <11.3.4_23 (11.x)
    • (no CPE)range: 10

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.