CyberSecurity news


@The DefendOps Diaries //
A critical authentication bypass vulnerability, tracked as CVE-2025-2825, is being actively exploited in CrushFTP file transfer software. Attackers are using publicly available proof-of-concept code to gain unauthenticated access to unpatched instances. The flaw affects CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0; security analysts confirm that a significant number of instances remain unpatched even though patches have been available since March 26, 2025. Project Discovery has published a technical write-up and PoC for the bypass.

The vulnerability stems from improper handling of HTTP requests that carry S3-style authorization headers. An attacker can craft an AWS S3-style authorization header containing a valid username and thereby bypass password verification entirely. Once access is gained, the attacker can execute administrative commands, download sensitive files, create new administrator accounts, and upload malicious payloads, potentially leading to complete system compromise. CrushFTP addressed the issue in version 11.3.1 by introducing a new security parameter, s3_auth_lookup_password_supported, which is set to false by default.
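As an added defender-side example (not code from the article, Project Discovery, or CrushFTP), the Python below checks whether a reported CrushFTP version falls inside the affected ranges stated above and flags requests in a constructed, tab-separated access log that carry an S3-style Authorization header, surfacing the name in the access-key slot for triage. The log format, sample values, and the assumption that the username appears in the standard AWS access-key position are mine, not the page's.

```python
import re
from typing import List, Optional, Tuple

# Affected version ranges exactly as stated in the advisory (inclusive bounds).
AFFECTED_RANGES = [((10, 0, 0), (10, 8, 3)), ((11, 0, 0), (11, 3, 0))]

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '11.3' or '10.8.3' into a comparable 3-tuple, zero-padded."""
    parts = [int(p) for p in version.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version: str) -> bool:
    """True if a CrushFTP version falls inside either affected range."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

# Standard AWS Authorization header shapes: SigV4 ("AWS4-HMAC-SHA256 Credential=<key>/...")
# and legacy SigV2 ("AWS <key>:<signature>"). Assumption (not stated on the page): the
# <key> slot is where the username named in the advisory ends up, so we surface it.
S3_AUTH_RE = re.compile(r"^(?:AWS4-HMAC-SHA256\s+Credential=([^/,\s]+)|AWS\s+([^:\s]+):)")

def s3_auth_user(authorization: str) -> Optional[str]:
    """Return the key/username from an S3-style Authorization value, else None."""
    m = S3_AUTH_RE.match(authorization.strip())
    return (m.group(1) or m.group(2)) if m else None

def flag_s3_auth_requests(log_lines: List[str]) -> List[Tuple[str, str, str]]:
    """Flag requests carrying an S3-style Authorization header. Constructed log format:
    tab-separated ip, method, path, authorization. Any hit is worth a look on a
    server where no S3-protocol clients are expected."""
    hits = []
    for line in log_lines:
        ip, _method, path, authorization = line.split("\t", 3)
        user = s3_auth_user(authorization)
        if user is not None:
            hits.append((ip, path, user))
    return hits

# Constructed sample log lines (RFC 5737 documentation addresses, invented paths/users).
SAMPLE_LOG = [
    "203.0.113.7\tGET\t/\tAWS4-HMAC-SHA256 Credential=alice/20250326/us-east-1/s3/aws4_request, SignedHeaders=host, Signature=deadbeef",
    "198.51.100.9\tPOST\t/login\tBasic dXNlcjpwYXNz",
    "192.0.2.5\tGET\t/\t-",
    "203.0.113.7\tGET\t/files\tAWS alice:c2lnbmF0dXJl",
]

if __name__ == "__main__":
    for v in ("10.8.3", "10.8.4", "11.3.0", "11.3.1"):
        print(v, "affected" if is_affected(v) else "not affected")
    print(flag_s3_auth_requests(SAMPLE_LOG))
```

Legitimate S3-protocol clients will also match, so scope the check to hosts where that protocol is not in use, or pair it with the affected-version check.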



References:
  • bsky.app: Project Discovery has published a technical write-up and PoC for a recent CrushFTP authentication bypass tracked as CVE-2025-2825
  • The DefendOps Diaries: Understanding the CrushFTP Authentication Bypass Vulnerability: A Critical Cybersecurity Threat
  • BleepingComputer: Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code.
  • Rescana: CrushFTP CVE-2025-2825 Vulnerability: Critical Authentication Bypass Exploit and Mitigation Strategies
  • community.emergingthreats.net: CrushFTP Authentication Bypass (CVE-2025-2825) (web_specific_apps.rules)
  • securityaffairs.com: CrushFTP CVE-2025-2825 flaw actively exploited in the wild
Classification:
  • HashTags: #CrushFTP #AuthBypass #Cybersecurity
  • Company: CrushFTP
  • Target: CrushFTP Servers
  • Product: CrushFTP
  • Feature: Authentication Bypass
  • Malware: CVE-2025-2825
  • Type: Vulnerability
  • Severity: Critical