
A critical zero-day vulnerability (CVE-2025-54309) in the CrushFTP enterprise file-transfer server is being actively exploited; it gives unauthenticated remote attackers administrative access, and the likely goal is data theft. Approximately 1,040 unpatched instances, predominantly in the US, Europe, and Canada, remain exposed. Organizations running CrushFTP must immediately assess for compromise and upgrade to the patched versions (v10.8.5 or v11.3.4_23 or later) to mitigate this significant cybersecurity risk, which underscores the persistent targeting of file transfer solutions.
A critical zero-day vulnerability, CVE-2025-54309, is being actively exploited in the CrushFTP enterprise file-transfer solution, allowing unauthenticated attackers to gain administrative access. The primary motive is suspected to be data theft. The scale of exposure is significant, with the Shadowserver Foundation identifying approximately 1,040 unpatched instances, predominantly in the US, Europe, and Canada. This incident is part of a broader trend of attacks targeting file transfer solutions since April 2024, including previous CrushFTP exploits (CVE-2024-4040). The situation highlights a tangible operational risk for businesses relying on this software, underscored by a 'strongly negative' sentiment score of -0.65. Notably, cybersecurity firm Rapid7 (RPD) has contradicted the vendor's guidance, advising clients not to rely on a demilitarized zone (DMZ) as a sufficient mitigation strategy, thereby elevating the perceived risk and emphasizing the immediate need for patching to the latest versions.
Overall sentiment: strongly negative (sentiment score -0.65)