CrushFTP Vulnerability Exploited to Bypass Authentication

CrushFTP addressed this vulnerability in version 11.3.1 by adding a new security parameter s3_auth_lookup_password_supported set to false by default and implementing proper security checks in the authentication flow. A critical vulnerability (CVE-2025-2825) in CrushFTP, a widely used enterprise file transfer solution, allows attackers to bypass authentication and gain unauthorized server access. Security experts recommend implementing additional security measures to restrict server connections, such as strong authentication methods, regular security audits, and network-level access controls. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The core issue involves parameter overloading in the authentication system, where a flag meant for password lookup (lookup_user_pass) was reused as an authentication bypass control (anyPass). Security researchers at ProjectDiscovery documented that exploiting this vulnerability requires minimal technical knowledge. “This is a clear authentication bypass, the password check is skipped entirely,” explained researchers at ProjectDiscovery. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. ProjectDiscovery has released a Nuclei template for detecting vulnerable CrushFTP instances, allowing organizations to identify at-risk servers across their infrastructure.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 31 Mar 2025 15:15:15 +0000

Cyber News related to CrushFTP Vulnerability Exploited to Bypass Authentication

CrushFTP zero-day exploited to gain admin access on servers - CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. The attack occurs via the software's ...
2 months ago Bleepingcomputer.com CVE-2025-54309

CrushFTP zero-day exploited in attacks to gain admin access on servers - The attack occurs via the software's web interface in versions prior to CrushFTP v10.8.5 and CrushFTP v11.3.4_23. It is unclear when these versions were released, but CrushFTP says around July 1st. CrushFTP is warning that threat actors are ...
2 months ago Bleepingcomputer.com CVE-2025-54309

New CrushFTP zero-day exploited in attacks to hijack servers - The attack occurs via the software's web interface in versions prior to CrushFTP v10.8.5 and CrushFTP v11.3.4_23. It is unclear when these versions were released, but CrushFTP says around July 1st. CrushFTP is warning that threat actors are ...
2 months ago Bleepingcomputer.com CVE-2025-54309

Critical auth bypass bug in CrushFTP now exploited in attacks - CrushFTP customers were also warned to patch a critical remote code execution bug (CVE-2023-43177) in the company's enterprise suite in November 2023 after Converge security researchers (who discovered and reported the flaw) released a ...
6 months ago Bleepingcomputer.com CVE-2023-43177

CrushFTP warns users to patch unauthenticated access flaw immediately - In November 2023, CrushFTP customers were also warned to patch a critical remote code execution vulnerability (CVE-2023-43177) in the company's enterprise suite after Converge security researchers who reported the flaw released a proof-of-concept ...
6 months ago Bleepingcomputer.com CVE-2023-43177

Exploit for CrushFTP RCE chain released, patch now - A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords. The ...
1 year ago Bleepingcomputer.com CVE-2023-43177

Over 1,000 CrushFTP servers exposed to ongoing hijack attacks - The security vulnerability (CVE-2025-54309) is due to mishandled AS2 validation and impacts all CrushFTP versions below 10.8.5 and 11.3.4_23. The vendor tagged the flaw as actively exploited in the wild on July 19th, noting ...
2 months ago Bleepingcomputer.com CVE-2025-54309

New CrushFTP 0-Day Vulnerability Exploited in the Wild to Gain Access to Servers - A critical zero-day flaw in the CrushFTP managed file-transfer platform was confirmed after vendor and threat-intelligence sources confirmed active exploitation beginning on 18 July 2025 at 09:00 CST. Shadowserver honeypots began recording ...
2 months ago Cybersecuritynews.com CVE-2025-31161

CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News - Someone else looking for some fame, it seems, managed to reverse engineer our changes that we had bundled up and published a public disclosure detailing the exploit method and taking credit for the vulnerability,” a spokesperson for CrushFTP told ...
6 months ago Therecord.media CVE-2025-31161

CISA Warns of CrushFTP Authentication Bypass Vulnerability Exploited in Attacks - As file transfer applications remain attractive targets for threat actors, organizations should maintain vigilance and promptly apply security updates to mitigate potential compromise through this critical vulnerability. Designated as CVE-2025-31161, ...
6 months ago Cybersecuritynews.com CVE-2025-31161

CrushFTP 0-Day RCE Vulnerability Technical Details and PoC Released - This vulnerability achieves its critical CVSS 9.8 rating due to three key factors: no authentication requirements, remote accessibility from anywhere on the internet, and complete system compromise through RCE capabilities. The exploit tool supports ...
2 months ago Cybersecuritynews.com CVE-2025-54309

CrushFTP Vulnerability Exploited to Bypass Authentication - CrushFTP addressed this vulnerability in version 11.3.1 by adding a new security parameter s3_auth_lookup_password_supported set to false by default and implementing proper security checks in the authentication flow. A critical vulnerability ...
6 months ago Cybersecuritynews.com CVE-2025-2825

CrushFTP HTTPS Port Vulnerability Leads to Unauthorized Access - As of March 25, 2025, neither vulnerability is known to have been exploited in the wild, but security professionals emphasize that rapid patching is essential given the critical nature of these file transfer systems and the history of similar ...
6 months ago Cybersecuritynews.com

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com

PoC Exploit for CrushFTP 0-Day Vulnerability Released - A recent security development has emerged with the release of a Proof of Concept (PoC) exploit targeting a zero-day vulnerability in CrushFTP, a popular file transfer server software. This vulnerability allows attackers to execute arbitrary code ...
1 month ago Cybersecuritynews.com CVE-2023-34362

Passwordless Login: Effortless Authentication - Let's explore how passwordless login paves the way for seamless and secure user authentication, fostering trust and loyalty. The Password Dilemma Though conventional complex password-based authentication has long been a cornerstone of robust ...
1 year ago Feeds.dzone.com

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109

What Is Kerberos Authentication?: Implementing Effective Security Protocols - Kerberos is a vital security protocol that any serious computer user must be familiar with. It is an open standard that provides a secure way of verifying the identity of user across multiple systems. The Kerberos authentication protocol is a ...
2 years ago Heimdalsecurity.com

New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke

High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke

How to Use Context-Based Authentication to Improve Security - One of the biggest security weak points for organizations involves their authentication processes. Context-based authentication offers an important tool in the battle against credential stuffing, man-in-the-middle attacks, MFA prompt bombing, and ...
1 year ago Securityboulevard.com

North Korea-linked IT workers infiltrated hundreds of US firms - CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 APT29 Rocke BianLian

Top 10 Best Passwordless Authentication Tools in 2025 - Auth0 provides a flexible authentication and authorization platform that supports passwordless login methods, enhancing security and user experience by eliminating the need for traditional passwords. Okta provides a robust identity and access ...
6 months ago Cybersecuritynews.com

Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More - Google has issued an emergency security update for its Chrome browser to address a critical zero-day vulnerability, CVE-2025-6558, that is being actively exploited in the wild. The Node.js project released security updates on July 15, 2025, to fix ...
2 months ago Cybersecuritynews.com CVE-2025-6558