{"id":10465,"date":"2025-07-21T12:35:01","date_gmt":"2025-07-21T05:35:01","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10465"},"modified":"2026-02-05T12:35:12","modified_gmt":"2026-02-05T05:35:12","slug":"lo-hong-zero-day-trong-crushftp-cho-phep-chiem-quyen-admin-qua-giao-dien-web","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/07\/21\/lo-hong-zero-day-trong-crushftp-cho-phep-chiem-quyen-admin-qua-giao-dien-web\/","title":{"rendered":"Zero-day vulnerability in CrushFTP allows admin takeover via the web interface"},
"content":{"rendered":"<div style=\"text-align: justify\"><b>Recently, the developer of CrushFTP, an enterprise file-transfer server platform supporting FTP, SFTP and HTTP\/S, warned of a serious zero-day vulnerability (CVE-2025-54309) that allows attackers to take over administrative (admin) privileges remotely through the web interface.<\/b><\/div>\n<div style=\"text-align: center\"><img class=\"bbImage\" title=\"1753070762963.png\" src=\"https:\/\/whitehat.vn\/data\/attachments\/17\/17677-9c6aea6e8f3ce6af5502acc671ddc650.jpg\" alt=\"1753070762963.png\" width=\"712\" height=\"400\" \/><\/div>\n<div style=\"text-align: justify\">\n<p>The vulnerability is identified as CVE-2025-54309, is rated high severity (CVSS 9.0), and has been actively exploited since at least 18\/7\/2025.<\/p>\n<p>CrushFTP is server software used by many organizations to transfer and manage files over protocols such as FTP, SFTP and HTTP\/S, thanks to its flexibility and strong security features. However, according to the warning from the CrushFTP developer itself, a flaw in AS2 protocol handling over HTTP(S) inadvertently opened a way for attackers to take control of the server without authentication. Although the flaw had been indirectly patched in an update in early July, attackers are believed to have reverse-engineered the code and worked out a specific exploit from that earlier code change.<\/p>\n<p>Attackers use this vulnerability to modify or create system administrator accounts; in many cases they modify the default account into a format that is invalid but still works. Early indicators include suspicious changes to the MainUsers\/default\/user.XML file, such as unusual last_logins entries or unfamiliar admin accounts with random names. In addition, upload\/download logs may record abnormal activity if the system has been compromised.<\/p>\n<p>Affected versions are CrushFTP v10 before 10.8.5 and v11 before 11.3.4_23, released before 1\/7. Fully updated systems, or those using a split architecture with a DMZ proxy, are considered safer. However, experts caution that a DMZ should not be regarded as absolute protection in this case.<\/p>\n<p>There is currently no confirmed information that data has been stolen or malware planted through the attack, but obtaining administrative privileges via the web interface opens up many risks of data leakage, ransomware deployment or long-term unauthorized access. This is not a new concern, especially since enterprise file-transfer systems such as MOVEit, GoAnywhere and Accellion FTA have previously been exploited by major ransomware groups in global-scale campaigns.<\/p>\n<p>To prevent and respond, WhiteHat and security experts recommend that system administrators immediately take the following measures:<\/p><\/div>\n<ul>\n<li data-xf-list-type=\"ul\">\n<div style=\"text-align: justify\">Update the software to CrushFTP v10.8.5_12 or v11.3.4_26 or later.<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div style=\"text-align: justify\">Review the user configuration file (default\/user.XML) and restore it from a backup made before 16\/7 if tampering is suspected.<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div style=\"text-align: justify\">Delete the &#8220;default&#8221; account so the software recreates it from safe defaults.<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div style=\"text-align: justify\">Check upload\/download logs to detect abnormal activity.<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div style=\"text-align: justify\">Restrict administrative access by setting up a whitelist of trusted IP addresses.<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div style=\"text-align: justify\">Consider deploying a DMZ model, but do not regard it as the only solution.<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div style=\"text-align: justify\">Enable automatic software updates and monitor security advisories regularly.<\/div>\n<\/li>\n<\/ul>\n<div style=\"text-align: justify\">This incident once again shows that enterprise file-transfer systems are an attractive target for cybercriminals. As attacks on middleware software continue to increase, regularly updating software and checking system configuration has become more important than ever. Organizations need to act quickly to protect their digital assets and customer data before it is too late.<\/div>\n<div style=\"text-align: right\"><b><i>Compiled by WhiteHat<\/i><\/b><\/div>\n<div style=\"text-align: right;margin-top: 16px\"><i>Source: <a href=\"https:\/\/whitehat.vn\/threads\/lo-hong-zero-day-trong-crushftp-cho-phep-chiem-quyen-admin-qua-giao-dien-web.18582\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/whitehat.vn\/threads\/lo-hong-zero-day-trong-crushftp-cho-phep-chiem-quyen-admin-qua-giao-dien-web.18582\/<\/a><\/i><\/div>\n","protected":false},
"excerpt":{"rendered":"<p>Recently, the developer of CrushFTP, an enterprise file-transfer server platform supporting FTP, SFTP and HTTP\/S, warned of a serious zero-day vulnerability (CVE-2025-54309) that allows attackers to take over administrative (admin) privileges remotely through the web interface. The vulnerability is [&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10465","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10465","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10465"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10465\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}