CVE-2025-54309
CrushFTP Unprotected Alternate Channel Vulnerability
⚠ KEV | EPSS 76.8%
Description
CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, it mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.
How to fix CVE-2025-54309
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2025-54309 being exploited?
Yes — CVE-2025-54309 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.