Summary: A critical authentication bypass vulnerability in CrushFTP, tracked as CVE-2025-31161, is actively being exploited, allowing attackers to take control of vulnerable instances. The flaw, fixed in recent updates, has led to exploitation affecting multiple organizations across various sectors. The U.S. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog after observing in-the-wild exploitation.
Affected: CrushFTP
Key points:
- The vulnerability allows unauthenticated access to user accounts, potentially leading to a full compromise of the affected instance.
- Exploitation has been seen across four distinct companies, primarily in the marketing, retail, and semiconductor sectors.
- Active exploitation has resulted in the installation of legitimate remote desktop software and credential harvesting.
Source: https://thehackernews.com/2025/04/cisa-adds-crushftp-vulnerability-to-kev.html