CrushFTP News Articles

Recent news articles referencing the vendor's vulnerabilities.

Packet Storm

Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers

1 week ago

CVE-2025-32102

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.

2 weeks ago

CVE-2025-32102 Server-Side Request Forgery (SSRF) in CrushFTP...

Server-Side Request Forgery (SSRF) in CrushFTP Versions 9.x, 10.x, and 11.x CrushFTP versions 9.x and 10.x through 10.8.4, along with versions 11.x through 11.

2 weeks ago

CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats

The makers of the popular file transfer tool CrushFTP say a responsibly disclosed vulnerability in the software has been weaponized. CISA and cyber researchers are sounding alarm bells.

3 weeks ago

CrushFTP Exploitation Continues Amid Disclosure Dispute

Attacks on a critical authentication bypass flaw in CrushFTP's file transfer product continue this week after duplicate CVEs sparked confusion.

3 weeks ago

CISA Alerts on Actively Exploited CrushFTP Authentication Bypass Vulnerability

CISA has issued a warning about an actively exploited vulnerability in CrushFTP, a popular file transfer server solution.

3 weeks ago

CISA Warns of CrushFTP Vulnerability Exploitation in the Wild

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog

3 weeks ago

CISA Adds CVE-2025-31161 To KEV Catalog

CISA warns of CVE-2025-31161 in CrushFTP, enabling authentication bypass. Update to the latest versions now.

3 weeks ago

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-31161 CrushFTP Authentication Bypass...

3 weeks ago

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

CrushFTP flaw CVE-2025-31161 exploited since March 30; 815 systems unpatched as agencies race to secure.

3 weeks ago

Disclosure Drama Clouds CrushFTP Vulnerability Exploitation

CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that's currently under attack.

4 weeks ago

Two CVEs, One Critical Flaw: Inside the CrushFTP Vulnerability Controversy

Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’.

4 weeks ago

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) - Help Net Security

Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening.

1 month ago

CrushFTP CVE-2025-2825 flaw actively exploited in the wild

Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code.

1 month ago

Critical auth bypass bug in CrushFTP now exploited in attacks

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code.

1 month ago

CrushFTP Security Vulnerability Under Attack After PoC Release

A recently disclosed security vulnerability in CrushFTP, identified as CVE-2025-2825, has become the target of active exploitation attempts.

1 month ago

CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability

Shadowserver has started seeing exploitation attempts aimed at a CrushFTP vulnerability tracked as CVE-2025-2825 and CVE-2025-31161.

1 month ago

Critical vulnerability in CrushFTP file transfer software under attack

Questions and confusion surround the authentication bypass vulnerability, which was privately disclosed to customers on March 21.

1 month ago

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) - Help Net Security

A critical vulnerability (CVE-2025-2825) in the CrushFTP file transfer solution can give attackers access to internet-facing servers.

CrushFTP warns users to patch unauthenticated access flaw immediately

CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately.

CVE-2024-4040 Detection: A Critical CrushFTP Zero-Day Vulnerability Exploited in the Wild Targeting U.S. Organizations - SOC Prime

Detect CVE-2024-4040 exploitation attempts, a new critical CrushFTP zero-day vulnerability, with a novel Sigma rule from SOC Prime Platform.

CrushFTP Zero-Day Exploitation Due to CVE-2024-4040 | Qualys Security Blog

CrushFTP disclosed a zero-day vulnerability in their software on April 19, 2024. The vulnerability is published on CVE-2024-4040. Affected versions: The CVSS…

+1,400 CrushFTP servers vulnerable to CVE-2024-4040

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability.

Over 1,400 CrushFTP servers vulnerable to actively exploited bug

Over 1,400 CrushFTP servers exposed online were found vulnerable to attacks currently targeting a critical severity server-side template injection (SSTI) vulnerability previously exploited as a zero-day.

CrushFTP vulnerability CVE-2024-4040: what you need to know | Wiz Blog

CrushFTP discloses vulnerability CVE-2024-4040, a VFS Sandbox Escape issue

Critical CrushFTP zero-day vulnerability under attack | TechTarget

CrushFTP disclosed a critical zero-day vulnerability on April 19, and reports of active exploitation continue to mount.

CrushFTP Zero-Day Could Allow Attackers To Gain Complete Server Access

CrushFTP disclosed a zero-day vulnerability (CVE-2024-4040) affecting versions below 10.7.1 and 11.1.0, allowing remote attackers with low

Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs

An exploit for the vulnerability allows attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) - Help Net Security

A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion.

CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited

A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.