About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
CVSS Score: 9.0 (Critical)
Identifier: CVE-2025-54309
Exploit or POC: Yes – actively exploited in the wild via HTTPS zero-day attacks
Update: CVE-2025-54309 – CrushFTP Security Advisory
Description: CVE-2025-54309 impacts CrushFTP versions 10 before 10.8.5 and 11 before 11.3.4_23 when the DMZ proxy feature is disabled. The flaw involves improper validation of AS2 protocol input received over HTTPS, allowing remote attackers to bypass authentication and gain administrative access. This vulnerability has been actively exploited in real-world campaigns targeting exposed servers since mid-July 2025. Attackers have used the HTTP(S) interface to issue crafted AS2 messages, taking control of instances and creating rogue admin accounts.
Mitigation Recommendation: Upgrade immediately to CrushFTP 10.8.5_12 or 11.3.4_26 (or later).
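As an added defender-side example (not part of RedLegg's bulletin or any CrushFTP tooling), the following Python helper parses CrushFTP's "major.minor.patch_build" version strings and flags installs that sit below the fixed builds named above; the hostnames and versions in the sample inventory are constructed data, and treating a missing "_build" suffix as build 0 is an assumption.

```python
import re
from typing import Dict, Optional, Tuple

# Minimum safe builds per major branch, taken from the mitigation line above.
FIXED_BUILDS: Dict[int, Tuple[int, int, int, int]] = {
    10: (10, 8, 5, 12),   # CrushFTP 10.8.5_12
    11: (11, 3, 4, 26),   # CrushFTP 11.3.4_26
}

# CrushFTP reports versions like "11.3.4_23": three dotted numbers plus an
# optional underscore-separated build number.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse a CrushFTP version string into a comparable (major, minor, patch, build) tuple.

    A missing "_build" suffix is treated as build 0 (assumption), so "11.3.4"
    sorts before "11.3.4_23" and both sort before "11.3.5".
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised CrushFTP version string: {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def needs_update(text: str) -> Optional[bool]:
    """True if the build is below the fixed build for its branch, False if at or
    above it, None if the major version is not covered by the advisory (review
    manually rather than assuming it is safe)."""
    ver = parse_version(text)
    fixed = FIXED_BUILDS.get(ver[0])
    if fixed is None:
        return None
    return ver < fixed


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in a {hostname: version} inventory to a patch status."""
    labels = {True: "UPDATE REQUIRED", False: "patched", None: "UNCOVERED BRANCH - review"}
    return {host: labels[needs_update(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"mft-01": "11.3.4_23", "mft-02": "11.3.4_26", "mft-03": "10.8.4_9", "legacy": "9.4.1"}
    for host, status in triage(sample).items():
        print(f"{host:8} {sample[host]:10} {status}")
```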