CyberSecurity news
Rescana@Rescana
A critical authentication bypass vulnerability, CVE-2025-31161 (previously tracked as CVE-2025-2825), has been identified in CrushFTP, a multi-protocol file transfer server. The vulnerability, which exists in versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0, allows attackers to bypass authentication mechanisms, potentially gaining unauthorized access to sensitive data and system resources. CrushFTP privately alerted customers to the issue on March 21, 2025, urging them to apply available patches immediately. BleepingComputer reports that over 1,500 instances remain exposed.
Intrusions exploiting the CVE-2025-2825 vulnerability are already underway, following the emergence of a proof-of-concept exploit. Attackers can gain complete access to affected servers, manipulate files, upload malicious content, and even create admin-level user accounts. Indicators of compromise include unauthorized access logs, unexpected modifications to user accounts, and unusual file uploads. As a mitigation, CrushFTP recommended that those unable to update promptly enable the DMZ (demilitarized zone) perimeter network option.
References:
- bsky.app: Project Discovery has published a technical write-up and PoC for a recent CrushFTP authentication bypass tracked as CVE-2025-2825
- The DefendOps Diaries: Understanding the CrushFTP Authentication Bypass Vulnerability: A Critical Cybersecurity Threat
- BleepingComputer: Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code.
- Rescana: CrushFTP CVE-2025-2825 Vulnerability: Critical Authentication Bypass Exploit and Mitigation Strategies
- community.emergingthreats.net: CrushFTP Authentication Bypass (CVE-2025-2825) (web_specific_apps.rules)
- securityaffairs.com: CrushFTP CVE-2025-2825 flaw actively exploited in the wild
- www.cybersecuritydive.com: Critical vulnerability in CrushFTP file transfer software under attack
- www.scworld.com: Over 1,500 CrushFTP file transfer software instances remain exposed to ongoing intrusions exploiting the critical authorization bypass vulnerability, tracked as CVE-2025-2825.
- Arctic Wolf: CVE-2025-31161: Exploitation of Critical Authentication Bypass Vulnerability in CrushFTP
- Help Net Security: Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)
- cert.europa.eu: 2025-015: Critical vulnerability in CrushFTP
- The Hacker News: CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
- The Hacker News: A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild.