CyberSecurity news
Rescana@Rescana
CISA has issued an urgent warning about a critical authentication bypass vulnerability, CVE-2025-31161, in CrushFTP, a widely used managed file transfer (MFT) server. The agency has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, which means exploitation has been confirmed in the wild. The flaw lets an unauthenticated attacker bypass the server's authentication and potentially obtain administrative access to a vulnerable CrushFTP instance, putting both government agencies and private organizations at risk. Federal cybersecurity officials are urging immediate action to mitigate the threat.
The vulnerability affects CrushFTP 10 before 10.8.4 and CrushFTP 11 before 11.3.1, and is fixed in those two releases. It stems from improper validation of authentication tokens in the HTTP(S) interface of the CrushFTP server: by manipulating the authorization data sent with an HTTP request, an attacker can be treated as an authenticated user without supplying valid credentials and can take over administrative access, up to the built-in administrator account. CISA's advisory notes that successful exploitation can lead to full compromise of the server. Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must remediate this vulnerability by April 28, 2025, a short deadline that reflects the severity of the risk.
CISA strongly encourages all organizations, including private sector entities and state and local governments, to prioritize patching CVE-2025-31161 and to apply the same vulnerability management discipline to KEV entries generally. Organizations running CrushFTP should immediately upgrade to 10.8.4 or 11.3.1 (or later); there is no configuration workaround short of putting the server behind a CrushFTP DMZ proxy instance, which the vendor states is not exposed to this issue. Because patching does not evict an attacker who has already gained access, administrators should also review the server's logs for logins from unfamiliar addresses, unexpected administrative sessions, and newly created or modified user accounts. CISA characterizes the bypass as a severe risk that can allow complete compromise of affected CrushFTP servers and reports that threat actors are actively exploiting it to establish persistent access to critical systems.
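The first step in triage is deciding which of your CrushFTP instances fall inside the affected ranges named above. The following is an added example, not tooling from CrushFTP or CISA: it parses a version string, compares it against the two fixed releases (10.8.4 and 11.3.1), and triages a constructed host inventory. The assumed version-string shape ("11.3.0", optionally with a build suffix such as "10.8.3_12") and the hostnames are illustrative; versions outside the 10.x and 11.x branches are flagged for manual review rather than guessed at.

```python
"""Triage CrushFTP versions against CVE-2025-31161.

Added example (not CrushFTP's or CISA's own code). Fixed releases come from
the advisory: 10.8.4 for the 10.x branch, 11.3.1 for the 11.x branch.
"""
from __future__ import annotations

import re

# First fixed release on each affected branch, per the advisory.
FIXED_VERSIONS: dict[int, tuple[int, int, int]] = {
    10: (10, 8, 4),
    11: (11, 3, 1),
}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Return (major, minor, patch) from strings like '11.3.0' or '10.8.3_12'.

    Assumption: a trailing build suffix (after '_' or '-') does not affect
    whether the fix is present, so it is ignored.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised CrushFTP version string: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return major, minor, patch


def is_vulnerable(version: str) -> bool | None:
    """True if the version predates the fix on its branch, False if fixed.

    Returns None for major versions the advisory does not cover (e.g. 9.x),
    which should be reviewed by hand rather than assumed safe.
    """
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        return None
    return parsed < fixed


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map each host to PATCH, OK, or VERIFY based on its reported version."""
    verdicts: dict[str, str] = {}
    for host, version in inventory.items():
        try:
            state = is_vulnerable(version)
        except ValueError:
            verdicts[host] = "VERIFY"  # could not parse; do not assume safe
            continue
        if state is None:
            verdicts[host] = "VERIFY"
        elif state:
            verdicts[host] = "PATCH"
        else:
            verdicts[host] = "OK"
    return verdicts


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames and versions are made up.
    sample_inventory = {
        "mft-01.example.internal": "11.3.0",
        "mft-02.example.internal": "11.3.1_4",
        "mft-03.example.internal": "10.8.3",
        "mft-04.example.internal": "10.8.4",
        "legacy.example.internal": "9.4.0",
        "unknown.example.internal": "n/a",
    }
    for host, verdict in sorted(triage(sample_inventory).items()):
        print(f"{host:30} {sample_inventory[host]:10} {verdict}")
```

Treat a VERIFY result as work, not reassurance: an unparsable or out-of-range version usually means the host was never inventoried properly, and an end-of-life 9.x install has no fixed release to move to.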
References:
- Cyber Security News: CISA Warns of CrushFTP Authentication Bypass Vulnerability Exploited in Attacks
- thecyberexpress.com: CISA Warns of CrushFTP Exploit Letting Attackers Bypass Authentication
- The Hacker News: CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
- ciso2ciso.com: CISA Warns of CrushFTP Vulnerability Exploitation in the Wild – Source: www.infosecurity-magazine.com
- cyberpress.org: CISA Warns of CrushFTP Authentication Bypass Vulnerability Exploited in Attacks
- gbhackers.com: CISA Alerts on Actively Exploited CrushFTP Authentication Bypass Vulnerability
- fortiguard.fortinet.com: FortiGuard Labs has observed in-the-wild attack attempts targeting CVE-2025-31161, an authentication bypass vulnerability in CrushFTP managed file transfer (MFT) software.
- www.scworld.com: Attacks involving critical CrushFTP vulnerability target several sectors