CNNVD-202507-2381 Information

CNNVD ID

CNNVD-202507-2381

CVE-2025-54309

  • CNNVD Published: 2025-07-18

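Description (translated from Chinese)

CrushFTP is a file transfer server from the company CrushFTP. CrushFTP versions before 10.8.5 and before 11.3.4_23 contain a security vulnerability caused by improper handling of AS2 validation, which may allow a remote attacker to obtain administrator privileges.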

Description (English)

CrushFTP is a file transfer server from the company CrushFTP. Versions of CrushFTP before 10.8.5 and before 11.3.4_23 have a security vulnerability that stems from improper handling of AS2 validation, which may result in remote attackers gaining administrator privileges.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

CrushFTP

Published

2025-07-18

Last Modified

2026-02-24

References

  • https://www.bleepingcomputer.com/news/security/crushftp-zero-day-exploited-in-attacks-to-gain-admin-access-on-servers/
  • https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CompromiseJuly2025
  • https://www.rapid7.com/blog/post/crushftp-zero-day-exploited-in-the-wild/
  • https://access.redhat.com/security/cve/cve-2025-54309

Patch

https://www.crushftp.com/download.html
