CVE-2025-54309 | CrushFTP up to 10.8.4/11.3.4_22 DMZ Proxy Feature unprotected alternate channel

A vulnerability classified as critical was found in CrushFTP up to 10.8.4/11.3.4_22. Affected by this vulnerability is an unknown functionality of the component DMZ Proxy Feature. The manipulation leads to unprotected alternate channel.

This vulnerability is known as CVE-2025-54309. The attack can be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More