CrushFTP security advisory (AV25-432)

Serial number: AV25-432
Date: July 21, 2025

On July 18, 2025, CrushFTP published a security advisory to address a vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in the following product:

• CrushFTP – versions 10 prior to 10.8.5
• CrushFTP – versions 11 prior to 11.3.4_23

CrushFTP is aware that an exploit for CVE-2025-54309 exists in the wild.

The Cyber Centre encourages users and administrators to review the provided web link, follow the recommended mitigation and apply the necessary updates.

• CrushFTP Update