CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats

Summary: A critical vulnerability in the Crush file transfer tool (CVE-2025-31161) is being actively exploited by hackers, prompting urgent warnings from federal cybersecurity officials and CrushFTP. The issue was disclosed by Outpost24, which aimed to provide time for users to patch the vulnerability before it became public. The Kill ransomware gang has claimed to have accessed sensitive data through this exploit and is now threatening victims with extortion.

Affected: CrushFTP users (thousands of companies)

Keypoints:

  • Hackers are exploiting a vulnerability in CrushFTP, with warnings issued by CISA.
  • The bug was discovered by Outpost24 and was to be disclosed after a 90-day period to allow for updates, but was publicly revealed early.
  • CrushFTP is urging all customers to update their systems immediately as incidents of exploitation have been confirmed across various industries.
  • Federal agencies have until April 28 to patch CrushFTP instances.

Source: https://therecord.media/crushftp-vulnerability-exploited