CrushFTP zero-day exploited in attacks to gain admin access on servers

July 18, 2025

CrushFTP zero-day exploited in attacks to gain admin access on servers

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnera …

Published Date:
Jul 18, 2025 (2 hours, 28 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-54309

Source: Read More

Previous ArticleCVE-2025-52164 – Agorum Core Password Storage Vulnerability

Next Article Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Highlights

CVE-2025-46567 – LLaMA Factory Deserialization Command Execution Vulnerability

May 1, 2025

CVE ID : CVE-2025-46567

Published : May 1, 2025, 6:15 p.m. | 1 hour, 11 minutes ago

Description : LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script performs insecure deserialization using `torch.load()` on user-supplied `.bin` files from an input directory. An attacker can exploit this behavior by crafting a malicious `.bin` file that executes arbitrary commands during deserialization. This issue has been patched in version 1.0.0.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CrushFTP zero-day exploited in attacks to gain admin access on servers

CrushFTP zero-day exploited in attacks to gain admin access on servers

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

CVE-2024-7074 – WSO2 SOAP Admin File Upload RCE

CVE-2025-3969 – Codeprojects News Publishing Site Dashboard Remote File Upload Vulnerability

T-Mobile will give you the iPhone 16e for free with no trade-in – here’s how to get one

INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure

CVE-2025-46567 – LLaMA Factory Deserialization Command Execution Vulnerability

CVE-2025-37796 – “Linux Kernel WiFi at76c50x Use After Free”

Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security

OpenBubbles is a cross-platform app ecosystem

CrushFTP zero-day exploited in attacks to gain admin access on servers

CrushFTP zero-day exploited in attacks to gain admin access on servers

Related Posts