In April 2025, information about an easy-to-exploit critical vulnerability affecting CrushFTP was made public. It is recommended updating affected server as soon as possible.
Proof of concepts are available, and the vulnerability is being exploited in the wild.