CrushFTP Data Breach
CrushFTP experienced a data breach that was reported on July 22, 2025. CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via
Key Facts
- Organization
- CrushFTP
- Date Reported
- July 22, 2025
- Incident Type
- unknown
- Industry
- Technology
- Severity Score
- 5/10
- Confidence Level
- high
Source
View original source - External link to primary source documentation
Understanding unknown Incidents
Data breaches can result in significant financial, operational, and reputational damage. Organizations should implement defense-in-depth strategies and maintain incident response capabilities.