Is CVE-2025-54309 exploitable?

Yes — CVE-2025-54309 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it is confirmed exploited in the wild.

Is CVE-2025-54309 a false positive?

No practitioners have marked CVE-2025-54309 a false positive so far (3 verdicts).

How do I remediate CVE-2025-54309?

See the authoritative references (NVD, vendor advisory) and community field notes on this page for remediation guidance.

CVE-2025-54309

is CVE-2025-54309real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch

Critical · CVSS 9EPSS 92.0%CISA KEVCWE-420

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

References

NVD MITRE CVE.org CISA KEV

Published Jul 18, 2025

Embed this verdict

Markdown

[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2025-54309/badge.svg)](https://www.truepositive.app/cve/CVE-2025-54309)

HTML

<a href="https://www.truepositive.app/cve/CVE-2025-54309"><img src="https://www.truepositive.app/cve/CVE-2025-54309/badge.svg" alt="TruePositive verdict for CVE-2025-54309"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

3 verdicts

Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

to add your verdict.

Community real-world severity: Critical (Critical 3) — CVSS base score 9

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

0
Field note · Priya NairCurated
Confirmed exploited in the wild — listed in the CISA KEV catalog (added 2025-07-22). Treat as real and prioritize patching over triage.

Same weakness — CWE-420.

CVE-2023-20198CVSS 10KEVEPSS 100%
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.

CVE-2025-54309

Community ground truth

Field notes & remediation

Related CVEs