CrushFTP Security Update Advisory (CVE-2025-54309)
Overview
We have released a security update to address a vulnerability in CrushFTP. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-54309
CrushFTP Version: 10.0 and above but below 10.8.5
CrushFTP Version: 11.0 and above but below 11.3.4_23
Resolved Vulnerabilities
Privilege escalation vulnerability due to insufficient AS2 validation in CrushFTP (CVE-2025-54309)
Vulnerability Patches
Patches for this vulnerability are available in the latest updates. Follow the instructions on the referenced site to update to the latest patched version.
CVE-2025-54309
CrushFTP Version: 10.8.5
CrushFTP Version: 11.3.5_23
References
[1] CVE-2025-54309
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CompromiseJuly2025