CrushFTP Crisis: Hackers Race to Exploit Zero-Day Flaw – Update Now!

watchTowr Labs uncovers a zero-day vulnerability in CrushFTP, allowing hackers admin access through the web interface. With over 30,000 instances at risk, users should update to v10.8.5 or v11.3.4 pronto! It’s like leaving your front door open with a sign saying “Free Wi-Fi Inside!”

Hot Take:

Looks like CrushFTP is not just crushing files but also crushing our dreams of secure data transfers! Who would’ve thought a simple HTTP request could lead to a hacker’s dream vacation, complete with admin access and a treasure trove of sensitive files? Time to update, because in the world of cybersecurity, procrastination is the biggest villain!

Key Points:

  • Zero-day vulnerability CVE-2025-54309 discovered in CrushFTP.
  • Hackers can gain admin access via the web interface using this exploit.
  • watchTowr Labs identified the flaw and added it to the CISA Catalogue.
  • CrushFTP 10.x versions prior to v10.8.5 and 11.x versions prior to v11.3.4 are vulnerable.
  • Immediate software update is crucial to prevent exploitation.
