A weaponized proof-of-concept exploit has been publicly released targeting CVE-2025-54309, a severe authentication bypass vulnerability affecting CrushFTP file transfer servers. The flaw enables remote attackers to gain administrative privileges through a race condition in AS2 validation processing, circumventing authentication mechanisms entirely. Key Takeaways1. Race-condition exploit lets attackers bypass CrushFTP authentication.2. Public PoC on GitHub confirms […]
The post PoC Exploit Released for CrushFTP 0-day Vulnerability (CVE-2025-54309) appeared first on Cyber Security News.
This article has been indexed from Cyber Security News
Read the original article: