🚨 Hackers are actively exploiting a critical flaw in CrushFTP (CVE-2025-54309, CVSS 9.0) to gain admin access via HTTPS—no DMZ needed.
They reverse engineered a patch and struck fast.
The worst part? Many systems are still exposed.
CheckDot is SAFU research on CheckDot 🤝