Serial number: AV25-432
Date: July 21, 2025
On July 18, 2025, CrushFTP published a security advisory to address a vulnerability in the following product:
- CrushFTP – versions 10 prior to 10.8.5
- CrushFTP – versions 11 prior to 11.3.4_23
CrushFTP is aware that an exploit for CVE-2025-54309 exists in the wild.
The Cyber Centre encourages users and administrators to review the provided web link, follow the recommended mitigation and apply the necessary updates.