Thursday, May 1, 2025
Homecyber securityCrushFTP Servers Zero-day Under Active Attack: Update Now

CrushFTP Servers Zero-day Under Active Attack: Update Now

Published on

SIEM as a Service

Follow Us on Google News

CrushFTP is a file transfer server that supports secure protocols, offers easier configuration, and offers powerful monitoring tools.

It also provides a web interface that allows users to transfer files using a web browser. 

A critical vulnerability associated with FileSystem escape has been discovered and addressed in the latest version.

- Advertisement - Google News

This particular vulnerability allows any user to download system files escaping from the virtual file system present in the CrushFTP application. 

Moreover, there have also been reports indicating the exploitation of this vulnerability in the wild by threat actors.

Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot

No CVE was assigned to this vulnerability at the time of reporting.

Additionally, customers who use Demilitarized Zones (DMZ) in with their CrushFTP instance are not affected by this vulnerability due to the protocol translation system.

CrushFTP Servers Zero-day

According to the reports shared with Cyber Security News, there have been several exploitation attempts over CrushFTP instances owned by multiple U.S. Entities, which are speculated to be an activity of Politically Motivated Intelligence Gathering.

Exploitation attempts (Source: r/crowdstrike – Reddit)

To provide a brief insight, the CrushFTP application is a bundled stand-alone portal executable (PE) that probably doesn’t have a standard installation location.

The application can run on Windows, macOS and Linux and depend on Java.

To prevent the exploitation of this vulnerability, users of CrushFTP are recommended to upgrade to the latest version, v11.1.0, which has a patch for it.

All versions before CrushFTP v9 are affected.

For more information about the changelogs and other information, the CrushFTP wiki page can be viewed.

How To Update?

To update CrushFTP to the latest version v11.1.0 (for Online users), the following steps can be followed:

  1. Login to the dashboard using your “crushadmin” equivalent user in the WebInterface.
  2. Click on the About tab.
  3. Click Update, Update Now.
  4. Wait roughly 5 minutes for the files to download, unzip, and be copied in place. CrushFTP will auto-restart once done.
  5. Finished.
How to update Online (Source: CrushFTP)

For Offline users, the below steps can be followed

  1. Download CrushFTP11.zip from our download page. (https://www.crushftp.com/early11/CrushFTP11.zip)
  2. Give it the name `CrushFTP10_new.zip` and place it in the CrushFTP main folder. (Same location where you have your prefs.XML file)
  3. See the above normal instructions, as Crush will use your local offline zip file.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Netgear EX6200 Flaw Enables Remote Access and Data Theft

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender...

Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own...

Quantum Computing and Cybersecurity – What CISOs Need to Know Now

As quantum computing transitions from theoretical research to practical application, Chief Information Security Officers...

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Netgear EX6200 Flaw Enables Remote Access and Data Theft

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender...

Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own...

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered,...