Critical Zero-Day Exposes FTP Servers to Attack
CrushFTP has confirmed a recent zero-day exploit affecting all platforms. A public security advisory from the vendor states that it is being exploited against anyone who has not stayed current on new versions. The attack vector employed by hackers was HTTP(S), and the National Vulnerability Database describes CVE-2025-54309 as being exploited when the DMZ proxy feature is not used.
The exploit relies on a mishandling of the Applicability Statement 2 (AS2) protocol for transmitting messages, which consequently allows remote attackers to obtain admin access via HTTPS.
Source: www.forbes.com