As of March 25, 2025, neither vulnerability is known to have been exploited in the wild, but security professionals emphasize that rapid patching is essential given the critical nature of these file transfer systems and the history of similar vulnerabilities being targeted soon after disclosure. “The unauthorized port access vulnerability creates a significant security risk for organizations relying on CrushFTP for sensitive file transfers,” said a Rapid7 security analyst. InsightVM and Nexpose customers who run CrushFTP on Linux can assess their exposure to the unauthenticated HTTP(S) port access issue with vulnerability checks available since March 21, 2025. On March 21, 2025, CrushFTP developers disclosed this security flaw to customers via email, confirming that both version 10 and 11 installations are vulnerable if specific configurations are in place. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. File transfer technologies like CrushFTP are considered high-value targets for ransomware operators and threat actors seeking to access and exfiltrate sensitive organizational data quickly.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 26 Mar 2025 14:30:15 +0000