The hacker Martha Root, to illustrate the compromise of a dating site via #CVEs #CrushFTP https://youtu.be/E8-Z_EMcawI #nginx
Hack The Box - Soulmate - Looking for a caramel-coloured soulmate

YouTube

Using CrushFTP? A critical zero-day flaw gives attackers full server control without a password. It's being actively exploited. Learn how to check your version and apply the urgent patch now with our guide. #CrushFTP #CyberSecurity #Vulnerability

https://pupuweb.com/how-to-check-and-fix-critical-crushftp-security-flaw-cve-2025-54309/

CVE-2025-54309: race condition in CrushFTP granting admin access, actively exploited

Source: watchTowr Labs. Context: the researchers describe how they observed and reproduced the active exploitation of CVE-2025-54309 affecting CrushFTP, listed in the CISA KEV on 22 July 2025, which allows administrator access via HTTPS when the DMZ proxy feature is not used. • Vulnerability and impact. The flaw affects "CrushFTP 10 before 10.8.5" and "11 before 11.3.4_23" and stems from mishandled AS2 validation. Exploited in July 2025, it allows an attacker to obtain administrator privileges (e.g. the built-in user crushadmin), resulting in full control of the server (creating/reading sensitive files). The post highlights the potential scale, with more than 30,000 exposed instances.

CyberVeille
🚨 CRITICAL zero-day in CrushFTP: attackers can take over servers, risking data theft & business disruption. No patch yet — restrict access, monitor logs, and stay alert for updates. Action needed for all CrushFTP users! https://radar.offseq.com/threat/hackers-exploit-crushftp-zero-day-to-take-over-ser-ff39bbd4 #OffSeq #CrushFTP #ZeroDay #BlueTeam
✨ Security Alert: Vulnerability in CrushFTP!
📝 A critical flaw in CrushFTP can open the door to attacks on servers. Find out how this vulnerability can affect your security and what measures to take to protect yourself. Don't be at the mercy of cyber threats! Click the link and stay up to date with the latest security news!
#SegurançaCibernética #CrushFTP #Vulne...
https://inkdesign.com.br/vulnerabilidade-no-crushftp-permite-ataque-a-servidores/?fsp_sid=132548
CrushFTP vulnerability allows attacks on servers

São Paulo — InkDesign News — WatchTowr Labs has disclosed a critical vulnerability, identified as CVE-2025-54309, found in CrushFTP, a file transfer server widely use

INK|DESIGN NEWS

🚨 Hackers are exploiting a CrushFTP Zero-Day (CVE-2025-54309) to gain admin access and take over servers. Update to v10.8.5 or v11.3.4 now!

Read: https://hackread.com/hackers-exploit-crushftp-zero-day-take-over-servers/

#CyberSecurity #CrushFTP #Vulnerability #0day

Hackers Exploit CrushFTP Zero-Day to Take Over Servers

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CVE Alert: CVE-2025-54309 - CrushFTP - CrushFTP - RedPacket Security

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers

RedPacket Security

🚨 ALERT: CrushFTP zero-day vulnerability (CVE-2025-54309) is actively compromising government and healthcare networks worldwide. Attackers reverse-engineered vendor code to exploit old bugs - a dangerous new attack methodology that challenges traditional patch management. CVSS 9.0 severity demands immediate action.

#SecurityLand #CyberWatch #CyberSecurity #ZeroDay #InfoSec #CrushFTP #Healthcare #Government #FTP #SecurityVulnerability

Read More: https://www.security.land/critical-crushftp-zero-day-attack-compromises-government-and-healthcare-networks-worldwide/

CrushFTP Zero-Day actively exploited at least since July 18

Hackers exploit CrushFTP zero-day, tracked as CVE-2025-54309, to gain admin access via HTTPS when DMZ proxy is off.

Security Affairs
Exploit for CrushFTP: Older versions can grant admin access

A fresh exploit targets a critical vulnerability in older versions of the data transfer software CrushFTP. Patched releases have been available since early July.

heise online