©2025 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP CrushFTP AS2 validation potential remote code execution attempt
This rule looks for a large number of requests to the /WebInterface/function endpoint of CrushFTP web applications that attempt to exploit a race condition in the application's handling of AS2-TO headers to bypass authentication and achieve remote code execution.
This rule alerts on attempts to exploit a remote code execution vulnerability in CrushFTP.
Attacks/Scans seen in the wild
Known false positives, with the described conditions
This rule will drop any attempts to access the /WebInterface/function endpoint of CrushFTP using AS2 authentication.
Cisco Talos Intelligence Group
No rule groups
Authentication Bypass
An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.
CVE-2025-54309 |
Loading description
|
©2025 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.