bluedoor data·Trust Centers API·bluedoor.sh

Home / Security updates / CVE-2025-54309 Response July 2025

CVE-2025-54309 Response July 2025

Security updates detail rendered from /security-updates/upd_124e7d54b09b53b2.

Overview

IDupd_124e7d54b09b53b2
CollectionSecurity Updates
ProviderSafeBase
CompanyBroadridge
URL-
Counts-
Updated-

Raw record

FieldValue
idupd_124e7d54b09b53b2
providerIdsafebase
organizationIdorg_d6453fb8c77f0b6a
trustCenterIdtc_c6ca607ff40394b4
titleCVE-2025-54309 Response July 2025
messageBroadridge Threat Response July 29, 2025 BROADRIDGE RESPONSE STATEMENT The reputation, security, and the relationship with our clients is paramount in everything that Broadridge does, which is why we were working quickly to validate and address any immediate and systemic issues as they become known. On July 18, 2025, CrushFTP published an advisory for CVE-2025-54309 (CVSS Score: 9.0) impacting CrushFTP file transfer product. CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025. Attackers are exploiting this flaw by sending crafted requests to the HTTPS interface, bypassing authentication, and gaining administrator access. In response to the vulnerabilities listed, Broadridge has investigated, and we can confirm we are not impacted by these vulnerabilities; however, we are continuously monitoring our environm
url-
publishedAt2025-07-29
source
{
  "field": "statuspage/public/compliance-update",
  "category": "vulnerabilities"
}
company
{
  "id": "org_d6453fb8c77f0b6a",
  "name": "Broadridge",
  "domains": [
    "trust.broadridge.com",
    "broadridge.com"
  ]
}
trust_center
{
  "id": "tc_c6ca607ff40394b4",
  "name": "Broadridge",
  "url": "https://trust.broadridge.com",
  "host": "trust.broadridge.com"
}
provider
{
  "id": "safebase",
  "name": "SafeBase"
}
links
{
  "self": "/v1/security-updates/upd_124e7d54b09b53b2",
  "company": "/v1/companies/org_d6453fb8c77f0b6a",
  "trust_center": "/v1/trust-centers/tc_c6ca607ff40394b4",
  "provider": "/v1/providers/safebase"
}
Get this page with API

Rendered from the bluedoor Trust Centers API. Reproduce it:

GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_124e7d54b09b53b2JSON