| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-54309 | CrushFTP Unprotected Alternate Channel Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation |
Comments
Improper validation of AS2 messages in CrushFTP without DMZ proxy enabled were reported to be exploited to bypass authentication and gain administrative access over HTTPS, leading to system compromise, data exfiltration, and lateral movement.
References
|
| CVE-2025-54309 | CrushFTP Unprotected Alternate Channel Vulnerability | primary_impact | T1567 | Exfiltration Over Web Service |
Comments
Improper validation of AS2 messages in CrushFTP without DMZ proxy enabled were reported to be exploited to bypass authentication and gain administrative access over HTTPS, leading to system compromise, data exfiltration, and lateral movement.
References
|
| CVE-2025-54309 | CrushFTP Unprotected Alternate Channel Vulnerability | secondary_impact | T1021 | Remote Services |
Comments
Improper validation of AS2 messages in CrushFTP without DMZ proxy enabled were reported to be exploited to bypass authentication and gain administrative access over HTTPS, leading to system compromise, data exfiltration, and lateral movement.
References
|