CVE-2025-31161 is being actively exploited and it’s not getting the attention it should.

Urgent Security Alert: CVE-2025-31161 Exploitation in CrushFTP

In the world of cybersecurity, vulnerabilities often make headlines for various reasons, but some remain underreported despite their seriousness. One such threat is the authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. While it may not be receiving the attention it deserves, it is currently being actively exploited in the wild, posing a significant risk to users.

This vulnerability affects multiple versions of CrushFTP, specifically 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0. When it is exploited, attackers can gain unauthorized access to sensitive files and, depending on how the server is configured, seize control of the system. The confirmed incidents of exploitation should raise red flags for anyone using these versions.

Given the active exploitation, it is imperative to take immediate action. The best course of action is to upgrade to version 10.8.4 or 11.3.1 without delay. If upgrading is not a realistic option, using CrushFTP’s DMZ proxy can offer a temporary buffer against potential attacks.
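As an added example (not part of the original post and not CrushFTP code), the script below triages an inventory of reported version strings against the affected ranges and fixed releases stated above. The hostnames, the sample version strings (including the `_4` build suffix) and the function names are constructed for illustration.

```python
import re

# Affected ranges and fixed releases exactly as stated in the text above:
# (lowest affected, highest affected, release to upgrade to)
AFFECTED = [
    ((10, 0, 0), (10, 8, 3), "10.8.4"),
    ((11, 0, 0), (11, 3, 0), "11.3.1"),
]


def parse_version(text):
    """Return (major, minor, patch) from the first x.y.z in text, else None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(part) for part in m.groups()) if m else None


def triage(version_text):
    """Classify one reported version string against the stated ranges."""
    version = parse_version(version_text)
    if version is None:
        # No usable version reported: the host needs a manual check.
        return ("unknown", None)
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            return ("affected", fixed)
    # Not in a range the post lists. This covers the fixed releases, but also
    # versions the post does not mention at all, so it is not a clean bill.
    return ("outside-stated-range", None)


def triage_inventory(inventory):
    """Map each host to its (status, fixed_release) result."""
    return {host: triage(reported) for host, reported in inventory.items()}


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE = {
    "ftp-edge-01": "10.8.3",
    "ftp-edge-02": "CrushFTP 11.3.0_4",
    "ftp-int-01": "11.3.1",
    "ftp-old-01": "9.4.0",
    "ftp-lab-01": "n/a",
}

if __name__ == "__main__":
    for host, (status, fixed) in sorted(triage_inventory(SAMPLE).items()):
        action = f"upgrade to {fixed}" if fixed else ""
        print(f"{host:12} {status:22} {action}")
```

Hosts reported as `unknown` or `outside-stated-range` still need a look: the first gave no usable version, and the second may be running a release the post says nothing about.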

If you are running CrushFTP or know someone who is, now is the time to check your software version and apply the necessary patches. Neglecting to address this vulnerability could leave you vulnerable to attacks, potentially including ransomware. Don’t wait for disaster to strike; prioritize your cybersecurity today.
