Post by Synack Red Team
Public proof-of-concepts are a starting point, not a finish line. In our latest Exploits Explained blog, SRT researcher IronRoot took CVE-2025-54309—an authentication bypass vulnerability in CrushFTP—further than any existing public exploit had gone. When the internet's PoCs didn't deliver meaningful impact, he didn't stop. He dug into legacy CrushFTP source code on GitHub, identified undocumented admin command handlers, and used AI-assisted exploit development to build something new. The result? Real-world impact: dumped server credentials (including cleartext passwords), active session data, internal infrastructure endpoints, and full server logs containing session cookies. Read the full technical breakdown of CVE-2025-54309 👉 https://lnkd.in/gZTk8dfb