CrushFTP vulnerability

From Cyber Security News – CISA Warns of CrushFTP Authentication Bypass Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical authentication bypass vulnerability in CrushFTP file transfer software to its Known Exploited Vulnerabilities (KEV) Catalog. Designated as CVE-2025-31161, this…

Samir K April 9, 2025

Vulnerabilities

From Cybersecurity Help – Threat actors exploiting recent CrushFTP auth bypass flaw for persistent access

The vulnerability, now tracked as CVE-2025-31161, allows attackers to bypass authentication and gain unauthorized access to targeted systems. Read More

Samir K April 8, 2025

News

From The Hacker News – CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has

shaikh Saqib April 8, 2025

News

From Dark Reading – Disclosure Drama Clouds CrushFTP Vulnerability Exploitation

CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that's currently under attack. Read More

shaikh Saqib April 4, 2025

News

From Security Week – Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability

[[{"value":"Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’. The post Details Emerge on CVE Controversy Around Exploited…

shaikh Saqib April 3, 2025

News

From Security Week – CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability

[[{"value":"Shadowserver has started seeing exploitation attempts aimed at a CrushFTP vulnerability tracked as CVE-2025-2825 and CVE-2025-31161. The post CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability appeared first on…

shaikh Saqib April 1, 2025

News

From Cyber Security News – CrushFTP Vulnerability Exploited in Attacks Following PoC Release

Security researchers have confirmed active exploitation attempts targeting the critical authentication bypass vulnerability in CrushFTP (CVE-2025-2825) following the public release of proof-of-concept exploit code. Based on Shadowserver Foundation’s most recent…

shaikh Saqib April 1, 2025

News

From Cyber Security News – CrushFTP Vulnerability Exploited to Gain Full Server Access

A critical vulnerability (CVE-2025-2825) in CrushFTP, a widely used enterprise file transfer solution, allows attackers to bypass authentication and gain unauthorized server access. The vulnerability, which affects versions 10.0.0 through…

shaikh Saqib March 31, 2025

News

From Cyber Security News – CrushFTP HTTPS Port Vulnerability Leads to Unauthorized Access

Two critical vulnerabilities have been identified in widely used software: CrushFTP and Next.js. CrushFTP, a file transfer solution, contains a vulnerability allowing unauthorized access through standard web ports, bypassing security…

shaikh Saqib March 26, 2025

News

From The Hacker News – New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an

shaikh Saqib March 26, 2025