CVE-2025-2825
CrushFTP Unauthenticated Remote Access Vulnerability
Description
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage.
INFO
Published Date: March 26, 2025, 4:15 p.m.
Last Modified: April 4, 2025, 8:15 p.m.
Source: [email protected]
Remotely Exploitable: Yes
Impact Score: 5.9
Exploitability Score: 3.9
Public PoC/Exploit Available on GitHub
CVE-2025-2825 has 9 public PoCs/exploits available on GitHub.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).
Shattered is a tool and POC for the new CrushedFTP vulns, CVE Exploit Script: CVE-2025-2825 vs CVE-2025-31161
Python
wy876
Python
Proof of Concept for CVE-2025-31161 / CVE-2025-2825
Python
None
None
Shell
Backup of a vulnerability library; we maintain it starting in March.
My POCs for CVEs & stuff
Python C++
A CVE vulnerability alert knowledge base with no exploits/PoCs; some entries include remediation guidance.
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2025-2825 vulnerability anywhere in the article.

-
Dark Reading
CrushFTP Exploitation Continues Amid Disclosure Dispute
Source: lumerb via Alamy Stock Photo. Exploitation activity continues against a critical vulnerability in CrushFTP file transfer software, which has been mired in an ongoing disclosure dispute. On April ... Read more

-
Help Net Security
RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)
A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited Vulnerabilities catalog on Tuesday. Accord ... Read more

-
security.nl
Criminals claim large-scale theft of sensitive data via CrushFTP servers
Criminals claim online that they have stolen sensitive information from companies worldwide on a large scale via vulnerable CrushFTP servers. In the coming days, affected companies will be ... Read more

-
The Hacker News
CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
Cyber Attack / Vulnerability A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vu ... Read more

-
Daily CyberSecurity
Major Cybersecurity Events (31st March – 6th April 2025)
In the past week, several significant cybersecurity incidents have made headlines – including high-impact data breaches, and newly discovered or exploited vulnerabilities. Below is a structured summar ... Read more

-
Help Net Security
Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are probing Palo Alto Networks GlobalProtect portals Cybersecurity company GreyNoise is warn ... Read more

-
Dark Reading
Disclosure Drama Clouds CrushFTP Vulnerability Exploitation
Aleksey Funtap via Alamy Stock Photo. A critical CrushFTP vulnerability now under exploitation in the wild has become mired in controversy and confusion. On March 31, the Shadowserver Foundation reported ... Read more

-
BleepingComputer
Critical auth bypass bug in CrushFTP now exploited in attacks
Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. The security vulnera ... Read more

-
Cyber Security News
CrushFTP Vulnerability Exploited in Attacks Following PoC Release
Security researchers have confirmed active exploitation attempts targeting the critical authentication bypass vulnerability in CrushFTP (CVE-2025-2825) following the public release of proof-of-concept ... Read more

-
Cyber Security News
CrushFTP Vulnerability Exploited to Gain Full Server Access
A critical vulnerability (CVE-2025-2825) in CrushFTP, a widely used enterprise file transfer solution, allows attackers to bypass authentication and gain unauthorized server access. The vulnerability, ... Read more

-
The Hacker News
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Threat Intelligence / Cybersecurity Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the p ... Read more

-
Daily CyberSecurity
CrushFTP Hacked: Exploit CVE-2025-2825 with PoC and Nuclei Template
ProjectDiscovery has published a technical breakdown of CVE-2025-2825, a critical authentication bypass flaw in CrushFTP—a widely used enterprise-grade file transfer server. The vulnerability, affecti ... Read more

-
Daily CyberSecurity
CVE-2025-22398: Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw
Dell has released a security update for Unity OS version 5.4 and earlier, addressing a set of critical vulnerabilities that expose the popular enterprise storage systems—Unity, UnityVSA, and Unity XT— ... Read more

-
Help Net Security
Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft’s new AI agents take on phishing, patching, alert fatigue Microsoft is rolling out a new gen ... Read more

-
The Register
CrushFTP CEO's feisty response to VulnCheck's CVE for critical make-me-admin bug
CrushFTP's CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer tech disclosed almost a week ago. Accor ... Read more

-
Help Net Security
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing s ... Read more

-
Cybersecurity News
Millions at Risk: PoC Exploit Releases for Vite Arbitrary File Read Flaw (CVE-2025-30208)
Vite, the blazing-fast frontend build tool that powers millions of modern web applications, has been found vulnerable to a file access control bypass flaw that could expose arbitrary file contents to ... Read more

-
Cybersecurity News
CVE-2025-2825: Critical Vulnerability in CrushFTP Exposes Servers to Unauthenticated Access Risk
Admins urged to patch immediately as CrushFTP discloses high-severity flaw impacting versions 10 and 11. A new high-severity vulnerability has been disclosed in CrushFTP, a widely used secure file tran ... Read more
The following table lists the changes that have been made to the CVE-2025-2825 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

-
CVE Modified by [email protected]
Apr. 04, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Description | CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval. | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage. |
| Removed | CVSS V3.1 | VulnCheck: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |
| Removed | CWE | CISA-ADP: CWE-287 | |
| Removed | CWE | VulnCheck: CWE-287 | |
| Removed | Reference | CVE: https://projectdiscovery.io/blog/crushftp-authentication-bypass | |
| Removed | Reference | VulnCheck: https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis | |
| Removed | Reference | VulnCheck: https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/ | |
| Removed | Reference | VulnCheck: https://projectdiscovery.io/blog/crushftp-authentication-bypass | |
| Removed | Reference | VulnCheck: https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2025/CVE-2025-2825.yaml | |
| Removed | Reference | VulnCheck: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update | |
| Removed | Reference | VulnCheck: https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/ | |
| Removed | Reference | VulnCheck: https://www.runzero.com/blog/crushftp/ | |

-
CVE Rejected by [email protected]
Apr. 04, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|

-
CVE Modified by [email protected]
Apr. 02, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/ |

-
CVE Modified by [email protected]
Apr. 01, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Description | CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. | CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval. |
| Added | CWE | | CWE-287 |
| Added | Reference | | https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis |
| Added | Reference | | https://projectdiscovery.io/blog/crushftp-authentication-bypass |
| Added | Reference | | https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2025/CVE-2025-2825.yaml |

-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Mar. 28, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://projectdiscovery.io/blog/crushftp-authentication-bypass |

-
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Mar. 26, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CWE | | CWE-287 |

-
New CVE Received by [email protected]
Mar. 26, 2025

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. |
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Added | Reference | | https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update |
| Added | Reference | | https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/ |
| Added | Reference | | https://www.runzero.com/blog/crushftp/ |

CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-2825 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-2825 weaknesses.