Summary: Attackers are exploiting a critical authentication bypass vulnerability in CrushFTP, which can give unauthenticated users remote access to unpatched versions of the software. Users have been urged to apply patches to protect their systems, while servers that are already exposed are being targeted by various exploitation attempts. The situation highlights the increasing risk to file transfer services from cybercriminals.
Affected: CrushFTP file transfer software
Key points:
- Vulnerability CVE-2025-2825 allows remote attackers to gain unauthenticated access to unpatched CrushFTP v10 or v11.
- Immediate action is needed to patch the vulnerability to prevent exploitation; over 1,500 vulnerable instances have been detected online.
- Previous vulnerabilities in CrushFTP have resulted in significant security concerns, indicating a pattern of targeted attacks on file transfer software.