Urgent Security Alert: Exploitation of CVE-2025-31161 in CrushFTP
In a concerning development for users of CrushFTP, a critical vulnerability designated CVE-2025-31161 is currently being exploited by malicious actors. The flaw is an authentication bypass affecting versions 10.0.0 through 10.8.3 and versions 11.0.0 through 11.3.0. If successfully exploited, an attacker could access sensitive files without valid credentials and, depending on the specific configuration in place, gain full control of the system.
Despite the real and present threat posed by this vulnerability, it has not received the level of attention it demands. Confirmed reports have indicated that this exploitation is already taking place, marking it as a critical issue that cannot be overlooked.
To mitigate the risk associated with CVE-2025-31161, it is paramount to upgrade to the fixed releases (10.8.4 or 11.3.1) without delay. Where immediate patching is not feasible, placing the server behind CrushFTP's DMZ proxy can serve as a temporary protective measure until the upgrade is applied.
If you or someone you know operates CrushFTP, it is essential to verify the version currently in use and take the necessary steps to implement these updates. Given the current landscape of cyber threats, including the potential for this vulnerability to be exploited as part of a ransomware attack chain, it is in your best interest to act promptly. Stay informed and secure to safeguard your systems against this active threat.
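To support the version check recommended above, here is an added example (not code from the advisory or from CrushFTP) that classifies a version string against the affected ranges the advisory lists; the assumption that any trailing build suffix after major.minor.patch can be ignored is mine, and the sample inventory is constructed.

```python
"""Check CrushFTP version strings against the ranges CVE-2025-31161 affects.

Affected (per the advisory): 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0.
Fixed in 10.8.4 and 11.3.1.
"""
import re
from typing import Tuple

# (first affected, last affected, first fixed) per major branch, from the advisory
AFFECTED_RANGES = {
    10: ((10, 0, 0), (10, 8, 3), "10.8.4"),
    11: ((11, 0, 0), (11, 3, 0), "11.3.1"),
}

# Leading 'v' and any trailing build suffix are tolerated (assumption, not vendor format)
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch' into a comparable tuple; raise on unknown input."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised CrushFTP version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def is_affected(version: str) -> bool:
    """True when the version lies inside one of the advisory's affected ranges."""
    v = parse_version(version)
    rng = AFFECTED_RANGES.get(v[0])
    return rng is not None and rng[0] <= v <= rng[1]


def recommended_action(version: str) -> str:
    """One-line verdict suitable for an inventory report."""
    v = parse_version(version)
    rng = AFFECTED_RANGES.get(v[0])
    if rng is None:
        return f"{version}: not in a branch listed by the advisory; confirm with the vendor"
    if v <= rng[1]:
        return (f"{version}: VULNERABLE to CVE-2025-31161, upgrade to {rng[2]} "
                f"(use the DMZ proxy as a stopgap until patched)")
    return f"{version}: at or above fixed release {rng[2]}"


if __name__ == "__main__":
    # Constructed sample inventory, standing in for versions collected from hosts
    for sample in ["10.8.3", "10.8.4", "11.0.0", "11.3.0", "v11.3.1_build2", "9.2.0"]:
        print(recommended_action(sample))
```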