WID-SEC-W-2025-1608

Affected Products

Exploit Intelligence

• CrushFTP AS2 Authentication Bypass (github-poc)
• 0xLittleSpidy/CVE-2025-54309 (github-poc-repo)
• 0xLittleSpidy/CVE-2025-54309 (github-poc)
• Findings & july race with 0day in wild (github-poc)
• chin-tech/CrushFTP_CVE-2025-54309 (github-poc)
• whisperer1290/CVE-2025-54309__Enhanced_exploit (github-poc)
• Exploitation scripts for the CrushFTP CVE-2025-54309: vulnerability (github-poc)
• CrushFTP AS2 Authentication Bypass (github-poc)
• watchtowrlabs/watchTowr-vs-CrushFTP-Authentication-Bypass-CVE-2025-54309 (github-poc)
• https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1608.json (circl)

…and 12 more exploits

Timeline

• Jul 20, 2025 CVE Published
• Jul 22, 2025 CVE Updated

References

• https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1608.json advisory
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1608 advisory
• https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CompromiseJuly2025 url
• https://github.com/advisories/GHSA-rh5q-v9ww-rqgm url
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog url