19 matches found
CrushFTP - Authentication Bypass
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. id: CVE-2025-31161 info: name: CrushFTP - Authenticati...
Exploit for Authentication Bypass by Primary Weakness in Crushftp
CVE-2025-3116...
Exploit for Authentication Bypass by Primary Weakness in Crushftp
CVE-2025-31161 – Authentication Bypass in CrushFTP 👊 | Catego...
Exploit for Authentication Bypass by Primary Weakness in Crushftp
CVE-2025-31161 - CrushFTP User Creation Authentication Bypass...
📄 CrushFTP 11.3.1 Authentication Bypass / Race Condition
CrushFTP versions prior to 10.8.4 and 11.3.1 suffer from an authentication bypass vulnerability via a race condition and header parsing logic flaw in the AWS4-HMAC authorization mechanism. Exploit Title: CrushFTP 11.3.1 - Authentication Bypass Date: 2025-05-15 Exploit Author: @İbrahimsql Exploit...
CrushFTP 11.3.1 - Authentication Bypass
Exploit Title: CrushFTP 11.3.1 - Authentication Bypass Date: 2025-05-15 Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.crushftp.com Software Link: https://www.crushftp.com/download.html Version: =2.28.1 , colorama=0.4.6 ,...
Exploit for Authentication Bypass by Primary Weakness in Crushftp
CVE-2025-31161 / CVE-2025-2825 python exploit Для обработки о...
Exploit for Authentication Bypass by Primary Weakness in Crushftp
CrushFTP CVE-2025-31161 Exploit Tool 🔓 Advanced detection an...
Exploit for CVE-2025-2825
It is an exploit module/toolkit targeting CrushedFTP. The tool,...
Imperva Customers Are Protected Against CVE-2025-31161 in CrushFTP
Introduction A critical security vulnerability, identified as CVE-2025-31161 previously tracked as CVE-2025-2825, has been discovered in CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. This flaw allows unauthenticated remote attackers to access unpatched CrushFTP servers if...
CrushFTP < 11.3.1 Authentication Bypass (CVE-2025-31161) (Direct Check)
Binary data crushftpCVE-2025-31161.nbin...
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka “Unauthenticated HTTPS port access.” A race condition exists in the AWS4-HMAC compatible wi...
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...
CVE-2025-31161
CrushFTP (versions < 10.8.4 and
CVE-2025-31161
creationtimestamp| type| source ---|---|--- 2025-04-01 13:41:11+00:00| exploited| https://t.me/informationsecuritychannel/53322 2025-04-02 18:27:07+00:00| seen| https://bsky.app/profile/theitnerd.bsky.social/post/3lltzaeredv2p 2025-04-03 03:53:25+00:00| seen|...
VulnCheck KEV: CVE-2025-31161
CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account e.g., crushadmin, potentially leading to a full compromise...