CrushFTP

A significant zero-day vulnerability in CrushFTP has been disclosed, allowing unauthenticated attackers to achieve complete remote code execution on vulnerable servers. The flaw, tracked as CVE-2025-54309 and scoring a critical 9.8 on the CVSS scale, stems from a fundamental breakdown in security checks within CrushFTP’s DMZ proxy configuration. Security researchers have already released proof-of-concept exploit code, significantly raising the urgency for organizations running CrushFTP to implement immediate protective measures.

Source: https://cybersecuritynews.com/crushftp-0-day-technical-details-poc-released/

TPRM report: https://scoringcyber.rankiteo.com/company/crushftp

{
  "id": "cru243073125",
  "linkid": "crushftp",
  "type": "Vulnerability",
  "date": "7/2025",
  "severity": "100",
  "impact": "",
  "explanation": "Attack threatening the organization’s existence"
}

{
  "affected_entities": [{"name": "Organizations running CrushFTP", "type": "Business"}],
  "attack_vector": "Malicious XML payloads via XML-RPC protocol",
  "description": "A significant zero-day vulnerability in CrushFTP has been disclosed, allowing unauthenticated attackers to achieve complete remote code execution on vulnerable servers. The flaw, tracked as CVE-2025-54309 and scoring a critical 9.8 on the CVSS scale, stems from a fundamental breakdown in security checks within CrushFTP’s DMZ proxy configuration.",
  "impact": {"systems_affected": ["CrushFTP servers with DMZ proxy configuration"]},
  "initial_access_broker": {"entry_point": "/WebInterface/function/ admin endpoint"},
  "motivation": "Remote Code Execution (RCE)",
  "post_incident_analysis": {"root_causes": "Failure to properly authenticate requests to the /WebInterface/function/ admin endpoint"},
  "recommendations": [
    "Immediately implement network-level restrictions to block unauthorized access to admin endpoints",
    "Apply any available vendor patches",
    "Monitor for suspicious XML-RPC requests targeting the /WebInterface/function/ path"
  ],
  "references": [{"source": "pwn.guide advisory"}],
  "response": {
    "containment_measures": [
      "Network-level restrictions to block unauthorized access to admin endpoints",
      "Monitor for suspicious XML-RPC requests"
    ],
    "remediation_measures": ["Apply any available vendor patches"]
  },
  "title": "Zero-Day Vulnerability in CrushFTP (CVE-2025-54309)",
  "type": "Zero-Day Vulnerability",
  "vulnerability_exploited": "CVE-2025-54309"
}