9.8
CRITICAL
CVE-2025-2825
CrushFTP Unauthenticated Remote Access Vulnerability
Description

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage.

INFO

Published Date :

March 26, 2025, 4:15 p.m.

Last Modified :

April 4, 2025, 8:15 p.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2025-2825 has a 9 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2025-2825 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Crushftp crushftp

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Shattered is a tool and POC for the new CrushedFTP vulns, CVE Exploit Script: CVE-2025-2825 vs CVE-2025-31161

Python

Updated: 14 hours, 35 minutes ago
7 stars 1 fork 1 watcher
Born at : April 11, 2025, 10:54 a.m. This repo has been linked 2 different CVEs too.

wy876

Python

Updated: 4 days, 6 hours ago
1 stars 1 fork 1 watcher
Born at : April 11, 2025, 4:25 a.m. This repo has been linked 209 different CVEs too.

Proof of Concept for CVE-2025-31161 / CVE-2025-2825

Python

Updated: 1 week ago
3 stars 3 fork 3 watcher
Born at : April 8, 2025, 3:37 p.m. This repo has been linked 2 different CVEs too.

None

Updated: 2 weeks, 4 days ago
0 stars 1 fork 1 watcher
Born at : April 4, 2025, 8:57 a.m. This repo has been linked 1 different CVEs too.

None

Shell

Updated: 2 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : April 3, 2025, 1:13 a.m. This repo has been linked 1 different CVEs too.

备份的漏洞库,3月开始我们来维护

Updated: 1 day, 1 hour ago
849 stars 275 fork 275 watcher
Born at : March 4, 2025, 2:54 p.m. This repo has been linked 211 different CVEs too.

My POCs for CVEs & stuff

Python C++

Updated: 2 weeks ago
50 stars 9 fork 9 watcher
Born at : May 9, 2024, 3:10 a.m. This repo has been linked 4 different CVEs too.

一个 CVE 漏洞预警知识库,无 exp/poc,部分包含修复方案。A knowledge base of CVE security vulnerability, no PoCs/exploits.

Updated: 5 days, 6 hours ago
117 stars 18 fork 18 watcher
Born at : Jan. 5, 2023, 2:19 a.m. This repo has been linked 162 different CVEs too.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 1 day, 15 hours ago
6851 stars 1157 fork 1157 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 841 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-2825 vulnerability anywhere in the article.

  • Dark Reading
CrushFTP Exploitation Continues Amid Disclosure Dispute

Source: lumerb via Alamy Stock PhotoExploitation activity continues against a critical vulnerability in CrushFTP file transfer software, which has been mired in an ongoing disclosure dispute.On April ... Read more

Published Date: Apr 09, 2025 (1 week, 5 days ago)
  • Help Net Security
RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)

A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited Vulnerabilities catalog on Tuesday. Accord ... Read more

Published Date: Apr 09, 2025 (1 week, 5 days ago)
  • security.nl
Criminelen claimen grootschalige, gevoelige datadiefstal via CrushFTP-servers

Criminelen claimen op internet dat ze via kwetsbare CrushFTP-servers op grote schaal gevoelige informatie van bedrijven wereldwijd hebben gestolen. Getroffen ondernemingen worden de komende dagen bena ... Read more

Published Date: Apr 08, 2025 (2 weeks ago)
  • The Hacker News
CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

Cyber Attack / Vulnerability A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vu ... Read more

Published Date: Apr 08, 2025 (2 weeks ago)
  • Daily CyberSecurity
Major Cybersecurity Events (31st March – 6th April 2025)

In the past week, several significant cybersecurity incidents have made headlines – including high-impact data breaches, and newly discovered or exploited vulnerabilities. Below is a structured summar ... Read more

Published Date: Apr 07, 2025 (2 weeks, 1 day ago)
  • Help Net Security
Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are probing Palo Alto Networks GlobalProtect portals Cybersecurity company GreyNoise is warn ... Read more

Published Date: Apr 06, 2025 (2 weeks, 2 days ago)
  • Dark Reading
Disclosure Drama Clouds CrushFTP Vulnerability Exploitation

Aleksey Funtap via Alamy Stock PhotoA critical CrushFTP vulnerability now under exploitation in the wild has become mired in controversy and confusion.On March 31, the Shadowserver Foundation reported ... Read more

Published Date: Apr 03, 2025 (2 weeks, 4 days ago)
  • BleepingComputer
Critical auth bypass bug in CrushFTP now exploited in attacks

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. The security vulnera ... Read more

Published Date: Apr 01, 2025 (2 weeks, 6 days ago)
  • Cyber Security News
CrushFTP Vulnerability Exploited in Attacks Following PoC Release

Security researchers have confirmed active exploitation attempts targeting the critical authentication bypass vulnerability in CrushFTP (CVE-2025-2825) following the public release of proof-of-concept ... Read more

Published Date: Apr 01, 2025 (3 weeks ago)
  • Cyber Security News
CrushFTP Vulnerability Exploited to Gain Full Server Access

A critical vulnerability (CVE-2025-2825) in CrushFTP, a widely used enterprise file transfer solution, allows attackers to bypass authentication and gain unauthorized server access. The vulnerability, ... Read more

Published Date: Mar 31, 2025 (3 weeks ago)
  • The Hacker News
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

Threat Intelligence / Cybersecurity Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the p ... Read more

Published Date: Mar 31, 2025 (3 weeks ago)
  • Daily CyberSecurity
CrushFTP Hacked: Exploit CVE-2025-2825 with PoC and Nuclei Template

ProjectDiscovery has published a technical breakdown of CVE-2025-2825, a critical authentication bypass flaw in CrushFTP—a widely used enterprise-grade file transfer server. The vulnerability, affecti ... Read more

Published Date: Mar 31, 2025 (3 weeks, 1 day ago)
  • Daily CyberSecurity
CVE-2025-22398: Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw

Dell has released a security update for Unity OS version 5.4 and earlier, addressing a set of critical vulnerabilities that expose the popular enterprise storage systems—Unity, UnityVSA, and Unity XT— ... Read more

Published Date: Mar 31, 2025 (3 weeks, 1 day ago)
  • Help Net Security
Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft’s new AI agents take on phishing, patching, alert fatigue Microsoft is rolling out a new gen ... Read more

Published Date: Mar 30, 2025 (3 weeks, 2 days ago)
  • The Register
CrushFTP CEO's feisty response to VulnCheck's CVE for critical make-me-admin bug

CrushFTP's CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer tech disclosed almost a week ago. Accor ... Read more

Published Date: Mar 27, 2025 (3 weeks, 4 days ago)
  • Help Net Security
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)

CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing s ... Read more

Published Date: Mar 27, 2025 (3 weeks, 4 days ago)
  • Cybersecurity News
Millions at Risk: PoC Exploit Releases for Vite Arbitrary File Read Flaw (CVE-2025-30208)

Vite, the blazing-fast frontend build tool that powers millions of modern web applications, has been found vulnerable to a file access control bypass flaw that could expose arbitrary file contents to ... Read more

Published Date: Mar 27, 2025 (3 weeks, 5 days ago)
  • Cybersecurity News
CVE-2025-2825: Critical Vulnerability in CrushFTP Exposes Servers to Unauthenticated Access Risk

Admins urged to patch immediately as CrushFTP discloses high-severity flaw impacting versions 10 and 11.A new high-severity vulnerability has been disclosed in CrushFTP, a widely used secure file tran ... Read more

Published Date: Mar 27, 2025 (3 weeks, 5 days ago)

The following table lists the changes that have been made to the CVE-2025-2825 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    Apr. 04, 2025

    Action Type Old Value New Value
    Changed Description CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval. Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage.
    Removed CVSS V3.1 VulnCheck: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Removed CWE CISA-ADP: CWE-287
    Removed CWE VulnCheck: CWE-287
    Removed Reference CVE: https://projectdiscovery.io/blog/crushftp-authentication-bypass
    Removed Reference VulnCheck: https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis
    Removed Reference VulnCheck: https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/
    Removed Reference VulnCheck: https://projectdiscovery.io/blog/crushftp-authentication-bypass
    Removed Reference VulnCheck: https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2025/CVE-2025-2825.yaml
    Removed Reference VulnCheck: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
    Removed Reference VulnCheck: https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/
    Removed Reference VulnCheck: https://www.runzero.com/blog/crushftp/
  • CVE Rejected by [email protected]

    Apr. 04, 2025

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Apr. 02, 2025

    Action Type Old Value New Value
    Added Reference https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/
  • CVE Modified by [email protected]

    Apr. 01, 2025

    Action Type Old Value New Value
    Changed Description CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval.
    Added CWE CWE-287
    Added Reference https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis
    Added Reference https://projectdiscovery.io/blog/crushftp-authentication-bypass
    Added Reference https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2025/CVE-2025-2825.yaml
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Mar. 28, 2025

    Action Type Old Value New Value
    Added Reference https://projectdiscovery.io/blog/crushftp-authentication-bypass
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Mar. 26, 2025

    Action Type Old Value New Value
    Added CWE CWE-287
  • New CVE Received by [email protected]

    Mar. 26, 2025

    Action Type Old Value New Value
    Added Description CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added Reference https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
    Added Reference https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/
    Added Reference https://www.runzero.com/blog/crushftp/
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-2825 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-2825 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
© cvefeed.io
Latest DB Update: Apr. 22, 2025 9:43