CVE-2025-54309CISA KEV: Actively Exploited

CrushFTP Unprotected Alternate Channel Vulnerability

Published Jul 22, 2025·Updated Jul 22, 2025

Description

CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.

Public Exploits & PoCs4 found

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free