CrushFTP zero-day actively exploited at least since July 18

Hackers exploit CrushFTP zero-day, tracked as CVE-2025-54309, to gain admin access via HTTPS when DMZ proxy is off. Threat actors are exploiting a zero-day vulnerability, tracked as CVE-2025-54309 (CVSS score of 9.0), in the managed file transfer software CrushFTP to gain administrative privileges on vulnerable servers via HTTPS. CrushFTP warned of a zero-day that hasSecurity AffairsRead More