Описание
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-2825
- https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis
- https://outpost24.com/blog/crushftp-auth-bypass-vulnerability
- https://projectdiscovery.io/blog/crushftp-authentication-bypass
- https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2025/CVE-2025-2825.yaml
- https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
- https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927
- https://www.runzero.com/blog/crushftp
Связанные уязвимости
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage.
Уязвимость веб-интерфейса кроссплатформенного FTP-сервера CrushFTP, позволяющая нарушителю получить несанкционированный доступ к программному обеспечению