Exploit for Unprotected Alternate Channel in Crushftp

🗓️ 06 Sep 2025 21:43:50Reported by whisperer1290Type

githubexploit

githubexploit🔗 github.com👁 159 Views

Enhanced exploit for CrushFTP vulnerability 2025-54309 adds admin user via race condition in authorized testing.

Reporter	Title	Published	Views	Family All 27
GithubExploit	Exploit for Unprotected Alternate Channel in Crushftp	27 Jan 202612:10	–	githubexploit
GithubExploit	Exploit for Unprotected Alternate Channel in Crushftp	26 Jul 202514:51	–	githubexploit
GithubExploit	Exploit for Unprotected Alternate Channel in Crushftp	13 Sep 202507:42	–	githubexploit
GithubExploit	Exploit for Unprotected Alternate Channel in Crushftp	25 Aug 202503:07	–	githubexploit
GithubExploit	Exploit for Unprotected Alternate Channel in Crushftp	6 Dec 202510:12	–	githubexploit
GithubExploit	Exploit for Unprotected Alternate Channel in Crushftp	29 Aug 202503:05	–	githubexploit
BDU FSTEC	The vulnerability of the web interface of the cross-platform FTP server CrushFTP allows a hacker to execute arbitrary code with elevated privileges.	21 Jul 202500:00	–	bdu_fstec
Circl	CVE-2025-54309	18 Jul 202519:40	–	circl
CISA KEV Catalog	CrushFTP Unprotected Alternate Channel Vulnerability	22 Jul 202500:00	–	cisa_kev
CISA	CISA Adds Four Known Exploited Vulnerabilities to Catalog	22 Jul 202512:00	–	cisa

06 Sep 2025 22:02Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.19 - 9.8

EPSS0.768

crushftp vulnerability enhanced exploit admin user race condition authorized testing penetration testing labs