COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-54309

CVE-2025-54309

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-07-22
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-54309
⌖ exploited in the wild shame 50/100 exploited-in-wild

CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.

Players implicated

CrushFTP · vendorCrushFTP · product

Description

CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.