Security researchers have confirmed active exploitation attempts targeting the critical authentication bypass vulnerability in CrushFTP (CVE-2025-2825) following the public release of proof-of-concept exploit code. Based on the Shadowserver Foundation’s most recent monitoring data, approximately 1,512 unpatched instances remain vulnerable globally as of March 30, 2025, with North America hosting the majority (891) of these exposed servers.

The latest data from Shadowserver’s monitoring dashboard shows Europe hosting the second-largest number of vulnerable instances at 490, followed by Asia (62), Oceania (45), and both South America and Africa with 12 instances each.

First disclosed on March 26, 2025, the vulnerability allows unauthenticated remote attackers to bypass authentication via a specially crafted HTTP request, potentially leading to complete system compromise. It stems from flawed authentication logic when processing S3-style requests, where the system incorrectly accepts the “crushadmin/” credential as valid without proper password verification.

The recurring pattern of authentication vulnerabilities in file transfer solutions reflects a concerning trend, as attackers continue to target these critical infrastructure components as entry points into corporate networks.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Apr 2025 07:50:03 +0000