PatchSiren

CrushFTP CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited CrushFTP CVE published 2025-07-22

CVE-2025-54309

CVE-2025-54309 is a CrushFTP vulnerability described by CISA as an "Unprotected Alternate Channel Vulnerability." CISA added it to the Known Exploited Vulnerabilities catalog on 2025-07-22, which means defenders should treat it as urgently actionable and verify whether their CrushFTP deployments are protected, mitigated, or no longer in use.

Known exploited CrushFTP CVE published 2025-04-07

CVE-2025-31161

CVE-2025-31161 is a CrushFTP authentication bypass vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-04-07. The KEV entry marks it as known exploited and notes known ransomware campaign use, so affected organizations should treat it as an urgent remediation item rather than a routine patch. CISA’s guidance is to apply vendor mitigations, follow BOD 22-01 guidance for clo [truncated]

Known exploited CrushFTP CVE published 2024-04-24

CVE-2024-4040

CVE-2024-4040 is a CrushFTP VFS sandbox escape vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2024-04-24, the same date the timeline above lists as its publication date. CISA set a remediation due date of 2024-05-01. Because it is listed in KEV, defenders should treat this as an urgent exposure-management item and follow vendor mitigation guidance without delay.