Critical zero-day vulnerability exposes FTP servers to attackers
- Microsoft SharePoint servers experienced a global attack due to a critical zero-day exploit disclosed recently.
- CrushFTP has confirmed another zero-day vulnerability, CVE-2025-54309, allowing remote attackers to gain admin access.
- Enterprises are urged to regularly patch systems to mitigate the risk of exploitation from these vulnerabilities.
In the United States, the security community is grappling with the implications of several zero-day vulnerabilities impacting key server technologies. Recently, a critical zero-day exploit affecting Microsoft’s SharePoint servers was disclosed, revealing that these on-premises servers were targeted in a global cyber attack. Although Microsoft issued an emergency update, experts indicate that this fix may not sufficiently protect against ongoing exploitation attempts by remote attackers. As a result, enterprises running SharePoint servers must remain vigilant and monitor their systems closely.

Compounding the situation, CrushFTP confirmed a separate zero-day vulnerability, tracked as CVE-2025-54309, that has been actively exploited since its initial detection on July 18. The vulnerability is significant because it impacts all variants of CrushFTP software, which underscores the need for users to keep their systems updated to avoid falling victim to this security flaw.

According to the CrushFTP advisory, hackers reverse engineered the CrushFTP code to exploit vulnerabilities that were addressed in prior updates. The advisory suggests that this exploitation is largely successful against users who have not updated their systems since July 1. Despite the critical nature of the vulnerability, users maintaining up-to-date builds have been told they are not at risk.

The vulnerability is exploited over HTTP(S) on servers deployed without the DMZ proxy feature, and it allows remote attackers to gain unauthorized admin access to affected servers. Security experts emphasize the importance of frequent patching and of monitoring for changes in default user account values, as these may signify exploitation. As the cyber threat landscape remains perilous, both businesses and security teams are urged to prioritize recommended software updates and security protocols.