Urgent Security Advisory: Addressing CVE-2025-31161 in CrushFTP
Attention all CrushFTP users! A serious security vulnerability, identified as CVE-2025-31161, is currently being exploited in the wild, and it has not received the level of attention it deserves.
This critical flaw involves an authentication bypass in CrushFTP, impacting versions 10.0.0 through 10.8.3, as well as 11.0.0 through 11.3.0. If left unaddressed, this vulnerability could enable malicious actors to access sensitive files without valid credentials and, depending on system configurations, potentially take full control over the affected systems.
Despite confirmed ongoing exploitation, awareness remains surprisingly low. To mitigate this risk, upgrade immediately to the fixed versions, 10.8.4 or 11.3.1.
For those unable to patch right away, CrushFTP’s DMZ proxy can serve as a temporary safeguard against potential breaches until the upgrade is applied.
If you or someone you know runs CrushFTP, now is the time to check your current version and take the necessary steps to secure your systems. Given the severity of this vulnerability, it is entirely plausible that it will soon be incorporated into ransomware attacks. Don’t wait until it’s too late; act now to protect your data and systems.
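As an added example (not part of this advisory or of CrushFTP itself), the following Python helper classifies a CrushFTP version string against the affected and fixed ranges stated above and triages a host inventory; the hostnames and versions in the sample inventory are constructed for illustration.

```python
# Added example: triage CrushFTP versions against the CVE-2025-31161 ranges
# given in the advisory. Affected: 10.0.0-10.8.3 and 11.0.0-11.3.0.
# Fixed: 10.8.4 and 11.3.1 (and later releases on those branches).
import re

# Per major branch: (first affected, last affected, first fixed)
AFFECTED_RANGES = {
    10: ((10, 0, 0), (10, 8, 3), (10, 8, 4)),
    11: ((11, 0, 0), (11, 3, 0), (11, 3, 1)),
}

# Constructed sample inventory (hostnames and versions are invented).
SAMPLE_INVENTORY = {
    "ftp-01.example.internal": "11.2.3",
    "ftp-02.example.internal": "11.3.1",
    "ftp-legacy.example.internal": "10.8.1",
}


def parse_version(text):
    """Turn '11.2.3' (optionally 'v11.2.3_label') into a tuple of ints."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Return 'affected', 'fixed' or 'unknown' for one CrushFTP version."""
    v = parse_version(version_text)
    entry = AFFECTED_RANGES.get(v[0])
    if entry is None:
        return "unknown"  # major branch the advisory does not cover
    first, last, fixed = entry
    if first <= v <= last:
        return "affected"
    # Every other release on this branch is at or beyond the fixed version.
    assert v >= fixed
    return "fixed"


def hosts_needing_upgrade(inventory):
    """Sorted hostnames whose version falls inside an affected range."""
    return sorted(h for h, ver in inventory.items() if assess(ver) == "affected")


if __name__ == "__main__":
    for host in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is affected, upgrade required")
```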