Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)

Exploitation attempts targeting CVE-2025-2825 on internet-facing CrushFTP instances are underway, the Shadowserver Foundation shared on Monday, and the attackers have been leveraging publicly available PoC exploit code. What can be done? CVE-2025-2825, affecting CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0, is an authentication bypass vulnerability that may allow unauthenticated attackers to access CrushFTP servers through an exposed HTTP(S) port. The vulnerability was privately disclosed to CrushFTP customers via email on … The post Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2025/04/01/crushftp-vulnerability-exploitation-cve-2025-2825/
Related news
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
- CVE fallout: The splintering of the standard vulnerability tracking system has begun
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)
- Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
- How to Automate CVE and Vulnerability Advisory Response with Tines
- Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)
- Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)
- Beyond Vulnerability Management – Can You CVE What I CVE?
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-26 | CVE-2025-2825 | Rejected reason: DO NOT USE THIS CVE RECORD. | 0.0 |