Critical CrushFTP 0-Day RCE Flaw - Technical Details and PoC Now Released

A newly discovered critical vulnerability in CrushFTP file transfer software has sent shockwaves through the cybersecurity community, earning a maximum CVSS score of 9.8 and enabling attackers to execute arbitrary commands on vulnerable servers without any authentication.

The flaw, designated CVE-2025-54309, represents one of the most severe security vulnerabilities discovered in enterprise file transfer solutions this year.

Vulnerability Details and Attack Mechanism

The vulnerability stems from a fundamental breakdown in security checks within CrushFTP’s DMZ proxy component.

Under normal circumstances, the DMZ proxy serves as a secure gateway designed to protect internal admin servers from direct internet exposure.

However, this critical flaw allows malicious actors to bypass these protections entirely by sending specially crafted HTTP POST requests to the /WebInterface/function/ endpoint without requiring any form of authentication.

The primary attack vector leverages XML-RPC (XML Remote Procedure Call), a protocol that uses XML formatting to encode function calls to remote servers.

Attackers can exploit this vulnerability by sending malicious XML payloads containing system.exec function calls with arbitrary commands as parameters.

The vulnerable server processes these unauthenticated requests and executes the embedded commands directly on the underlying operating system.

A typical malicious payload appears deceptively simple, consisting of XML-formatted methodCall elements that instruct the server to execute system commands such as id or uname -a.

The server’s failure to verify user authentication before processing these requests creates a direct pathway for remote code execution.
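A detection heuristic built from the indicators this article names (an unauthenticated POST to /WebInterface/function/ carrying an XML-RPC methodCall for system.exec), added here as an example and not code from CrushFTP or from the article's source. The request record layout, the authentication heuristic and the sample traffic are constructed assumptions, not captured data.

```python
import re
from dataclasses import dataclass, field


@dataclass
class HttpRequest:
    """Minimal request record; the field layout is a constructed assumption."""
    method: str
    path: str
    body: str
    headers: dict = field(default_factory=dict)


# Indicators named in the article: the endpoint, an XML-RPC methodCall,
# and a methodName of system.exec.
TARGET_PATH = "/WebInterface/function/"
METHOD_CALL_RE = re.compile(r"<\s*methodCall\b", re.IGNORECASE)
SYSTEM_EXEC_RE = re.compile(
    r"<\s*methodName\s*>\s*system\.exec\s*<\s*/\s*methodName\s*>", re.IGNORECASE)


def is_authenticated(req: HttpRequest) -> bool:
    """Heuristic only: an Authorization header or any Cookie header counts as
    an authenticated session. Real CrushFTP session handling is not modelled."""
    hdrs = {k.lower() for k in req.headers}
    return "authorization" in hdrs or "cookie" in hdrs


def classify(req: HttpRequest) -> str:
    """Return 'exec-attempt', 'unauth-xmlrpc' or 'benign' for one request."""
    if req.method.upper() != "POST" or not req.path.startswith(TARGET_PATH):
        return "benign"
    if is_authenticated(req):
        return "benign"
    if SYSTEM_EXEC_RE.search(req.body):
        return "exec-attempt"          # matches the article's attack pattern
    if METHOD_CALL_RE.search(req.body):
        return "unauth-xmlrpc"         # XML-RPC without a session: worth a look
    return "benign"


def scan(requests):
    """Return (index, verdict) for every request that is not benign."""
    hits = []
    for i, req in enumerate(requests):
        verdict = classify(req)
        if verdict != "benign":
            hits.append((i, verdict))
    return hits


# Constructed sample traffic, not captured from a real system.
SAMPLE = [
    HttpRequest("GET", "/WebInterface/login.html", ""),
    HttpRequest("POST", TARGET_PATH,
                "<methodCall><methodName>system.exec</methodName><params/></methodCall>"),
    HttpRequest("POST", TARGET_PATH,
                "<methodCall><methodName>getUserList</methodName></methodCall>"),
    HttpRequest("POST", TARGET_PATH, "command=getUserList",
                headers={"Cookie": "session=constructed"}),
]

if __name__ == "__main__":
    for idx, verdict in scan(SAMPLE):
        print(f"request {idx}: {verdict}")
```

The cookie heuristic is deliberately loose; in a real deployment, correlate with the server's own session log rather than trusting the presence of a header.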

Critical Impact and Severity Assessment

Security researchers have classified this vulnerability as critical for three primary reasons.

First, no authentication is required, eliminating traditional access barriers that typically protect against unauthorized intrusion.

Second, the vulnerability can be exploited remotely from anywhere on the internet, dramatically expanding the potential attack surface.

Finally, successful exploitation grants complete remote code execution capabilities, representing the highest level of system compromise possible.

This level of access enables attackers to steal sensitive data, install persistent malware, pivot to additional network resources, or weaponize compromised servers for launching attacks against other targets.

The combination of zero authentication requirements and full system control makes this vulnerability particularly dangerous for organizations relying on CrushFTP for secure file transfers.

Immediate Response Required

Organizations running CrushFTP installations should immediately assess their exposure and implement available security updates.

The availability of proof-of-concept exploit code on platforms like GitHub has lowered the barrier for potential attackers, making rapid response essential.

System administrators should also consider temporarily isolating CrushFTP servers from direct internet access until patches can be applied and verified.

The discovery of CVE-2025-54309 underscores the ongoing challenges facing enterprise software security and the critical importance of maintaining robust authentication mechanisms in network-facing applications.


The post Critical CrushFTP 0-Day RCE Flaw - Technical Details and PoC Now Released appeared first on Cyber Security News.
