A critical vulnerability in CrushFTP, designated CVE-2025-31161, is actively being exploited in the wild, posing significant security risks to organizations using affected versions of the software. With a CVSS score of 9.8 (Critical), it enables remote attackers to gain unauthenticated access to systems running unpatched CrushFTP instances.

Security researchers at Outpost24 discovered the flaw, which stems from a critical issue in how CrushFTP processes S3 authorization headers. CrushFTP released patches addressing the vulnerability in versions 10.8.4 and 11.3.1 on March 21, 2025.

Huntress researchers have observed in-the-wild exploitation as early as March 30, 2025, with attackers leveraging the vulnerability to deploy remote management tools and other malware for post-exploitation activities.

On April 7, 2025, CISA added the vulnerability to its KEV catalog under Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA noted in its advisory.

Security experts recommend immediate action to update CrushFTP installations to patched versions, especially for internet-facing instances that opportunistic attackers could target. As file transfer applications remain attractive targets for threat actors, organizations should maintain vigilance and promptly apply security updates to mitigate potential compromise through this critical vulnerability.
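The article gives two fixed releases, 10.8.4 for the 10.x line and 11.3.1 for the 11.x line, so an instance on 10.8.3 or 11.2.9 is still exposed even though a naive string comparison might rank 11.2.9 above 10.8.4. The following Python script is an added example, not code from the article, CrushFTP, Outpost24, Huntress or CISA: it compares version strings against the correct threshold for each line and ranks a constructed host inventory so that internet-facing vulnerable instances are remediated first, matching the advice above. The hostnames are hypothetical, and the choice to report release lines other than 10.x and 11.x as "unknown" rather than guessing is an assumption of this example.

```python
"""Check CrushFTP version strings against the fixed releases for
CVE-2025-31161 (10.8.4 and 11.3.1) and rank an inventory for patching."""
import re
from typing import Optional

# Fixed releases named in the article: each supported line has its own threshold.
FIXED_VERSIONS = {10: (10, 8, 4), 11: (11, 3, 1)}

_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?$")


def parse_version(version: str) -> Optional[tuple]:
    """Turn '11.3.1' (or '11.3') into a comparable (major, minor, patch) tuple.
    Returns None when the string is not a dotted numeric version."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch)


def patch_status(version: str) -> str:
    """'patched' if the version is at or above the fixed release for its line,
    'vulnerable' if it is below it, 'unknown' for other lines or bad strings.
    Assumption (not from the article): release lines other than 10.x and 11.x
    are reported as 'unknown' rather than guessed at."""
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        return "unknown"
    # Tuple comparison is numeric per component, so 10.8.4 >= (10, 8, 4)
    # while 11.2.9 < (11, 3, 1), unlike a plain string comparison.
    return "patched" if parsed >= fixed else "vulnerable"


def prioritise(inventory):
    """Rank hosts for remediation: internet-facing vulnerable instances first,
    then internal vulnerable ones, then unknown, then patched.
    Each inventory item is (hostname, version, internet_facing)."""
    rank = {"vulnerable": 0, "unknown": 1, "patched": 2}
    rows = []
    for host, version, exposed in inventory:
        status = patch_status(version)
        rows.append((rank[status], 0 if exposed else 1, host, version, status))
    rows.sort()
    return [(host, version, status) for _, _, host, version, status in rows]


# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE_INVENTORY = [
    ("ftp-dmz-01", "11.2.9", True),
    ("ftp-int-02", "10.8.4", False),
    ("ftp-int-03", "10.7.1", False),
    ("ftp-dmz-04", "11.3.1", True),
    ("ftp-legacy", "9.5.0", True),
]

if __name__ == "__main__":
    for host, version, status in prioritise(SAMPLE_INVENTORY):
        print(f"{host:12} {version:8} {status}")
```

Feed `prioritise` the output of whatever asset inventory records the CrushFTP build per host; the ranking puts exposed, unpatched instances at the top of the list, which is where the article's guidance says the patching effort should start.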
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 09 Apr 2025 08:00:13 +0000