CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild

On Friday, July 18, 2025, managed file transfer vendor CrushFTP released information to a private mailing list on a new critical vulnerability, tracked as CVE-2025-54309, affecting versions below 10.8.5 and 11.3.423 across all platforms. According to the public-facing vendor advisory, this...

CVE-2022-32583

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors...