Threat Advisories - NVD Disclosed July 18, 2025

CVE-2025-54309

CrushFTP DMZ Proxy Vulnerability Allows Admin Access

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in CrushFTP's AS2 validation can allow remote attackers to obtain administrative access to affected systems. This could lead to a compromise of data and business operations.

NVD published: July 18, 2025 • CISA KEV