CVE-2025-54309 – CrushFTP Remote Admin Access Vulnerability

July 18, 2025

CVE ID : CVE-2025-54309

Published : July 18, 2025, 7:15 p.m. | 3 hours, 44 minutes ago

Description : CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7802 – PHPGurukul Complaint Management System Cross Site Scripting Vulnerability

Next Article CVE-2025-7800 – “CGPandey Hotelmis HTTP GET Request Handler Cross-Site Scripting Vulnerability”

Highlights

CVE-2025-8523 – RiderLike Fruit Crush-Brain App Android Component Export Vulnerability

August 4, 2025

CVE ID : CVE-2025-8523

Published : Aug. 4, 2025, 8:15 p.m. | 3 hours, 28 minutes ago

Description : A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.fruitcrush.fun. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

elementary OS Preview Some Cool Upcoming Features

May 16, 2025

CVE-2025-53097 – Roo Code Schema Fetching File Read and Write Vulnerability

June 27, 2025

‘Clair Obscur: Expedition 33’ hits 1 million copies sold in just three days (not including Xbox Game Pass) proving demand for photorealistic JRPG-styled games

April 27, 2025

Microsoft Graph CLI to be retired

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

I asked AI to modify mission-critical code, and what happened next haunts me

Why you should delete your browser extensions right now – or do this to stay safe

Dolby Vision 2 comes with big upgrades – here’s which TVs get them first

This one small feature makes this travel charger my favorite for business trips

Laracon AU 2025 Talk Titles Revealed

Laracon AU 2025 Talk Titles Revealed

Stop Writing Bad Controllers: Laravel Custom Collections Transform Your Code

Handle ownership relationships between Eloquent models with Laravel Ownable

Lenovo Legion Go 2 confirmed with Ryzen Z2 Extreme, 1200p OLED 144Hz display & 74Wh battery

Lenovo Legion Go 2 confirmed with Ryzen Z2 Extreme, 1200p OLED 144Hz display & 74Wh battery

How to Open Ports in Firewall on Windows Server

Google TV Remote Not Working? 5 Quick Fixes

CVE-2025-54309 – CrushFTP Remote Admin Access Vulnerability

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware

Mirai Botnet Actively Exploiting GeoVision IoT Devices Command Injection Vulnerabilities

CISA, NIST Researchers Develop Metric to Determine Likelihood of Vulnerability Exploitation

Hash Calculator – calculates around 50 cryptographic hashes of strings and files

CVE-2025-4818 – SourceCodester Doctor’s Appointment System SQL Injection

CVE-2025-8523 – RiderLike Fruit Crush-Brain App Android Component Export Vulnerability

elementary OS Preview Some Cool Upcoming Features

CVE-2025-53097 – Roo Code Schema Fetching File Read and Write Vulnerability

‘Clair Obscur: Expedition 33’ hits 1 million copies sold in just three days (not including Xbox Game Pass) proving demand for photorealistic JRPG-styled games

CVE-2025-54309 – CrushFTP Remote Admin Access Vulnerability

Related Posts