59 matches found

GithubExploit
added 2026/01/27 12:10 p.m. | 165 views

Exploit for Unprotected Alternate Channel in Crushftp

C...

CVSS 9.8 | AI score 7.3 | EPSS 0.92034
Exploits: 7

RedhatCVE
added 2026/01/09 12:40 p.m. | 10 views

CVE-2023-43177

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...

CVSS 9.8 | AI score 6.8 | EPSS 0.81801
Exploits: 7 | References: 1

RedhatCVE
added 2026/01/09 12:9 p.m. | 6 views

CVE-2018-18288

CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection...

CVSS 6.1 | AI score 6.9 | EPSS 0.00642
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-10022

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00642
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2017-5551

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00708
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-8227

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.7 | EPSS 0.99621
Exploits: 66 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-20435

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.00504
Exploits: 0 | References: 1

GithubExploit
added 2025/08/29 3:5 a.m. | 191 views

Exploit for Unprotected Alternate Channel in Crushftp

CrushFTP AS2 Authentication Bypass – CVE-2025-54309 Aut...

CVSS 9.8 | AI score 7.4 | EPSS 0.92034
Exploits: 7

NCSC
added 2025/08/28 7:59 a.m. | 8 views

Vulnerability fixed in CrushFTP

CrushFTP has fixed a vulnerability in versions 10 through 10.8.5 and 11 through 11.3.423. The vulnerability is located in CrushFTP's AS2 validation. This vulnerability allows an attacker to gain administrative access via HTTPS, especially when the DMZ proxy feature is not used. The vulnerability...

CVSS 9.8 | AI score 7.2 | EPSS 0.92034
Exploits: 7 | References: 1

CISA
added 2025/07/22 12:0 p.m. | 15 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability; CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input...

CVSS 9.8 | AI score 7.3 | EPSS 0.92034
In wild | Exploits: 10 | References: 9

CISA KEV Catalog
added 2025/07/22 12:0 a.m. | 29 views

CrushFTP Unprotected Alternate Channel Vulnerability

CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS...

CVSS 9.8 | AI score 7.5 | EPSS 0.92034
In wild | Exploits: 7

The Hacker News
added 2025/07/20 7:35 a.m. | 13 views

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS...

CVSS 10 | AI score 8.5 | EPSS 0.99963
Exploits: 47

GithubExploit
added 2025/07/19 6:31 p.m. | 241 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-31161 - CrushFTP Authentication Bypass Exploit This...

CVSS 9.8 | AI score 9.9 | EPSS 0.99963
Exploits: 18

Rapid7 Blog
added 2025/07/18 8:25 p.m. | 10 views

CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild

On Friday, July 18, 2025, managed file transfer vendor CrushFTP released information to a private mailing list on a new critical vulnerability, tracked as CVE-2025-54309, affecting versions below 10.8.5 and 11.3.423 across all platforms. According to the public-facing vendor advisory, this...

CVSS 9.8 | AI score 7.5 | EPSS 0.92034
Exploits: 7

NVD
added 2025/07/18 7:15 p.m. | 10 views

CVE-2025-54309

CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...

CVSS 9.8 | EPSS 0.92034
Exploits: 7 | References: 6

Positive Technologies
added 2025/07/18 12:0 a.m. | 6 views

PT-2025-30081

Name of the Vulnerable Software and Affected Versions: CrushFTP versions prior to 10.8.5; CrushFTP versions prior to 11.3.4_23. Description: An authentication bypass issue exists in the web management interface of CrushFTP due to improper validation of the AS2 protocol (Applicability Statement 2), a...

CVSS 9.8 | AI score 8.1 | EPSS 0.92034
Exploits: 7 | References: 210

Vulnrichment
added 2025/07/18 12:0 a.m. | 19 views

CVE-2025-54309

CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...

CVSS 9 | AI score 6.5 | EPSS 0.92034
Exploits: 7 | References: 5

CVE
added 2025/07/18 12:0 a.m. | 167 views

CVE-2025-54309

CVE-2025-54309 affects CrushFTP 10.x prior to 10.8.5 and 11.x prior to 11.3.4_23. The flaw resides in AS2 validation/HTTP session handling (DMZ proxy handling) that can let remote attackers gain admin access via HTTPS, historically exploited in the wild around July 2025. Multiple public PoCs/expl...

CVSS 9.8 | AI score 7.2 | EPSS 0.92034
In wild | Exploits: 7 | References: 6 | Affected Software: 1

VulnCheck KEV
added 2025/07/18 12:0 a.m. | 6 views

VulnCheck KEV: CVE-2025-54309

CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...

CVSS 9.8 | AI score 5.8 | EPSS 0.92034
In wild | Exploits: 7 | References: 71

Tenable Nessus
added 2025/07/18 12:0 a.m. | 10 views

CrushFTP 10.x < 10.8.5 / 11.x < 11.3.4_23 Privilege Escalation (CVE-2025-54309)

The CrushFTP application installed on the remote host is missing a vendor-supplied patch. It is, therefore, affected by a vulnerability. CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to...

CVSS 9.8 | AI score 7.8 | EPSS 0.92034
Exploits: 7 | References: 3