Urgent: CrushFTP Patches Zero-Day Vulnerability Exploited by Hackers
CrushFTP has issued an urgent security update, releasing patched versions 11.3.4_26 and 10.8.5_12 by July 18, 2025. This follows the discovery of hackers exploiting a zero-day vulnerability (CVE-2025-54309) to gain admin access via HTTPS.
The vulnerability, present in versions prior to 10.8.5 and 11.3.4_23, has been exploited since at least July 18, 2025. CrushFTP urges customers to update to the latest patched versions immediately. Users should also validate MD5 hashes via the 'About' tab to ensure no tampering or injected code.
Indicators of compromise include unusual entries in 'last_logins', recent modification dates, unknown admin users, long random usernames, missing WebInterface buttons, fake version numbers, and altered files. Review transfer logs for suspicious activity, as attackers are reusing old scripts. If exploited, users should restore a backup of the default user from before July 18, 2025, with the safest option being to restore to the July 16 state.
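A triage sketch for several of the indicators above (unknown users, long random usernames, recent modification dates, `last_logins` entries), added here as an example; it is not CrushFTP tooling or part of the original article. The folder layout (one folder per account), the `expected_users` allowlist, the entropy thresholds and the July 16 cutoff default are assumptions, and it should be run against a copy of the user data.

```python
import math
import os
import sys
from collections import Counter
from datetime import datetime, timezone

# Assumed cutoff: the article names the July 16, 2025 state as the safest restore point.
CUTOFF = datetime(2025, 7, 16, tzinfo=timezone.utc)

def looks_random(name, min_len=16, min_entropy=3.5):
    """Heuristic for 'long random usernames'; both thresholds are assumptions to tune."""
    if len(name) < min_len:
        return False
    counts = Counter(name)
    entropy = -sum(c / len(name) * math.log2(c / len(name)) for c in counts.values())
    return entropy >= min_entropy

def scan_users(users_dir, expected_users, cutoff=CUTOFF):
    """Return {username: [reasons]} for user folders that match an indicator.

    Assumed layout: users_dir holds one folder per account with its settings files.
    Any account missing from expected_users is reported, admin or not.
    """
    findings = {}
    for name in sorted(os.listdir(users_dir)):
        folder = os.path.join(users_dir, name)
        if not os.path.isdir(folder):
            continue
        reasons = []
        if name not in expected_users:
            reasons.append("unknown user")
        if looks_random(name):
            reasons.append("long random username")
        for root, _dirs, files in os.walk(folder):
            for fname in sorted(files):
                path = os.path.join(root, fname)
                mtime = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
                if mtime >= cutoff:
                    reasons.append(f"{fname} modified {mtime:%Y-%m-%d}")
                with open(path, errors="replace") as fh:
                    if "last_logins" in fh.read():
                        reasons.append(f"{fname} contains last_logins entries to review")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    for user, reasons in scan_users(sys.argv[1], set(sys.argv[2:])).items():
        print(user, "->", "; ".join(reasons))
```

A hit is a prompt for manual review, not proof of compromise: routine administration also changes modification dates, and the username heuristic can flag long legitimate names.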
CrushFTP has addressed the zero-day vulnerability with the latest updates. Users are advised to update promptly, validate hashes, and monitor for signs of compromise. If affected, restore from a clean backup. No organization has been found to have released a solution for this issue as of July 18, 2025.