A severe vulnerability in CrushFTP allows attackers to gain admin access by exploiting mishandled AS2 validation, with over 1,000 unpatched servers currently at risk. Actively exploited since at least July 19th, this flaw highlights the persistent threats targeting managed file transfer systems and underscores the critical need for rapid patching in enterprise environments.