Unauthenticated Access Vulnerability in CrushFTP by CrushFTP, Inc.
CVE-2025-2825

9.8 CRITICAL

Key Information:

Vendor: CrushFTP
Status: CrushFTP Vendor
CVE Published: 26 March 2025

Badges

  • 🔥 Trending now
  • 📈 Trended
  • 📈 Score: 6,600
  • 💰 Ransomware
  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 🟣 EPSS 15%
  • 📰 News Worthy

What is CVE-2025-2825?

CVE-2025-2825 is a vulnerability in CrushFTP, a file transfer server developed by CrushFTP, Inc. The software is designed for secure file transfer and management and is commonly used in business environments for sharing files over the internet. The vulnerability allows unauthenticated access through remote HTTP requests, meaning an attacker can gain unauthorized entry into systems running affected versions without holding valid credentials. This poses serious risks to organizations, including data breaches and disruption of operations.

Technical Details

The vulnerability affects CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. It allows remote, unauthenticated HTTP requests that lead to unauthorized access to the system. The flaw arises from insufficient access controls within the CrushFTP software, so intrusion does not require valid credentials. Organizations running these versions should treat the issue with urgency: because no authentication is needed, any instance reachable over the network is exposed.

Potential impact of CVE-2025-2825

  1. Unauthorized Access: The primary impact of this vulnerability is the ability for attackers to gain unauthorized access to sensitive files and data stored on the CrushFTP server. This could lead to data leakage or theft, compromising sensitive business information.

  2. Data Breaches: With unrestricted access, malicious actors could not only view but also modify or delete critical files, leading to extensive data compromise that could be detrimental to a company's operations and reputation.

  3. Operational Disruption: Exploitation could also disrupt operations, as attackers may manipulate file transfers or use the compromised server as a foothold for further malicious activity, ultimately affecting business continuity and service delivery.

Affected Version(s)

CrushFTP 11.0.0 < 11.3.1

CrushFTP 10.0.0 < 10.8.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) - Help Net Security

Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening.

2 days ago

CrushFTP CVE-2025-2825 flaw actively exploited in the wild

Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code.

2 days ago

Critical auth bypass bug in CrushFTP now exploited in attacks

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code.

2 days ago

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 💰 Used in Ransomware

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 📰 First article discovered by Help Net Security

  • 🟡 Public PoC available

  • Vulnerability published

  • Vulnerability Reserved