Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code. Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825, in the CrushFTP file transfer software. Attackers are using exploits based on publicly available proof-of-concept exploit code. The vulnerability impacts CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0, it […] Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code. Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825, in the CrushFTP file transfer software. Attackers are using exploits based on publicly available proof-of-concept exploit code. The vulnerability impacts CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0, it may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. The file transfer software maker CrushFTP urge customers to take immediate action to address the vulnerability. Admins unable to update their installs should enable the DMZ perimeter network as a temporary security measure. Researchers at Shadowserver warned that threat actors are attempting to exploit the vulnerability in the wild, they found approximately 1,800 vulnerable instances exposed online, mainly (904) in the US. We are sharing unpatched CrushFTP instances likely vulnerable to CVE-2025-2825 (CVSS 9.8) that may allow unauthenticated remote attackers to bypass authentication via HTTP(S) requests. We see ~1800 unpatched instances worldwide, with over 900 in the US.https://t.co/fszXcbDgzs pic.twitter.com/1m0eqo4LaH— The Shadowserver Foundation (@Shadowserver) March 28, 2025
Published: 2025-04-01T14:09:54