CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability

Summary: The Shadowserver Foundation reported a surge in exploitation attempts targeting a recently patched vulnerability in CrushFTP, a file transfer solution. While CrushFTP was still rolling out updates and mitigations, vulnerability intelligence firms assigned their own CVE identifiers to the flaw, leading to confusion in the cybersecurity community. As unpatched instances remain exposed, CrushFTP has urged users to promptly apply the available patches.

Affected: CrushFTP

Key points:

  • The vulnerability allows remote, unauthenticated attackers to gain system access.
  • Two CVE identifiers were assigned: CVE-2025-2825 by VulnCheck and CVE-2025-31161 by Outpost24.
  • Shadowserver reported around 1,800 unpatched instances globally shortly after disclosure.
  • Exploitation attempts have increased, utilizing publicly available proof-of-concept exploit code.
  • CrushFTP criticized security firms for their role in weaponizing the vulnerability through early disclosure.
  • This is not the first time CrushFTP has faced exploitation of a critical vulnerability.

Source: https://www.securityweek.com/hackers-attempting-to-exploit-crushftp-vulnerability/