🚨 Hackers are actively exploiting a critical flaw in CrushFTP (CVE-2025-54309, CVSS 9.0) to gain admin access via HTTPS—no DMZ needed.

They reverse engineered a patch and struck fast.

The worst part? Many systems are still exposed.

CheckDot is SAFU research on CheckDot 🤝