Home / Security updates / CVE-2025-54309 Response July 2025
CVE-2025-54309 Response July 2025
Security updates detail rendered from /security-updates/upd_124e7d54b09b53b2.
Overview
| ID | upd_124e7d54b09b53b2 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Broadridge |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_124e7d54b09b53b2 |
| providerId | safebase |
| organizationId | org_d6453fb8c77f0b6a |
| trustCenterId | tc_c6ca607ff40394b4 |
| title | CVE-2025-54309 Response July 2025 |
| message | Broadridge Threat Response July 29, 2025 BROADRIDGE RESPONSE STATEMENT The reputation, security, and the relationship with our clients is paramount in everything that Broadridge does, which is why we were working quickly to validate and address any immediate and systemic issues as they become known. On July 18, 2025, CrushFTP published an advisory for CVE-2025-54309 (CVSS Score: 9.0) impacting CrushFTP file transfer product. CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025. Attackers are exploiting this flaw by sending crafted requests to the HTTPS interface, bypassing authentication, and gaining administrator access. In response to the vulnerabilities listed, Broadridge has investigated, and we can confirm we are not impacted by these vulnerabilities; however, we are continuously monitoring our environm |
| url | - |
| publishedAt | 2025-07-29 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_d6453fb8c77f0b6a",
"name": "Broadridge",
"domains": [
"trust.broadridge.com",
"broadridge.com"
]
} |
| trust_center | {
"id": "tc_c6ca607ff40394b4",
"name": "Broadridge",
"url": "https://trust.broadridge.com",
"host": "trust.broadridge.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_124e7d54b09b53b2",
"company": "/v1/companies/org_d6453fb8c77f0b6a",
"trust_center": "/v1/trust-centers/tc_c6ca607ff40394b4",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_124e7d54b09b53b2JSON