A significant zero-day vulnerability in CrushFTP has been disclosed, allowing unauthenticated attackers to achieve complete remote code execution on vulnerable servers. The flaw, tracked as CVE-2025-54309 and scoring a critical 9.8 on the CVSS scale, stems from a fundamental breakdown in security checks within CrushFTP’s DMZ proxy configuration. Security researchers have already released proof-of-concept exploit […]
The post Critical CrushFTP 0-Day RCE Vulnerability Technical Details and PoC Released appeared first on Cyber Security News.
This article has been indexed from Cyber Security News