Lucene search
K

19 matches found

Nuclei
Nuclei
added 6 days ago78 views

CrushFTP - Authentication Bypass

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. id: CVE-2025-31161 info: name: CrushFTP - Authenticati...

9.8CVSS7.4AI score0.99947EPSS
Exploits18References4
GithubExploit
GithubExploit
added 2026/02/23 12:42 a.m.153 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-3116...

9.8CVSS8.6AI score0.99947EPSS
Exploits18
GithubExploit
GithubExploit
added 2025/06/06 9:14 a.m.323 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-31161 – Authentication Bypass in CrushFTP 👊 | Catego...

9.8CVSS10AI score0.99947EPSS
Exploits22
GithubExploit
GithubExploit
added 2025/05/23 9:4 p.m.324 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-31161 - CrushFTP User Creation Authentication Bypass...

9.8CVSS9.5AI score0.99947EPSS
Exploits18
Packet Storm
Packet Storm
added 2025/05/19 12:0 a.m.121 views

📄 CrushFTP 11.3.1 Authentication Bypass / Race Condition

CrushFTP versions prior to 10.8.4 and 11.3.1 suffer from an authentication bypass vulnerability via a race condition and header parsing logic flaw in the AWS4-HMAC authorization mechanism. Exploit Title: CrushFTP 11.3.1 - Authentication Bypass Date: 2025-05-15 Exploit Author: @İbrahimsql Exploit...

9.8CVSS7.4AI score0.99947EPSS
Exploits18
Exploit DB
Exploit DB
added 2025/05/18 12:0 a.m.302 views

CrushFTP 11.3.1 - Authentication Bypass

Exploit Title: CrushFTP 11.3.1 - Authentication Bypass Date: 2025-05-15 Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.crushftp.com Software Link: https://www.crushftp.com/download.html Version: =2.28.1 , colorama=0.4.6 ,...

9.8CVSS7.4AI score0.99947EPSS
Exploits18
GithubExploit
GithubExploit
added 2025/04/24 10:9 p.m.348 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-31161 / CVE-2025-2825 python exploit Для обработки о...

9.8CVSS9.9AI score0.99947EPSS
Exploits22
GithubExploit
GithubExploit
added 2025/04/21 11:57 p.m.309 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CrushFTP CVE-2025-31161 Exploit Tool 🔓 Advanced detection an...

9.8CVSS7.6AI score0.99947EPSS
Exploits18
GithubExploit
GithubExploit
added 2025/04/11 10:54 a.m.353 views

Exploit for CVE-2025-2825

It is an exploit module/toolkit targeting CrushedFTP. The tool,...

9.8CVSS9.8AI score0.99947EPSS
Exploits22
Imperva Blog
Imperva Blog
added 2025/04/10 7:5 p.m.25 views

Imperva Customers Are Protected Against CVE-2025-31161 in CrushFTP

Introduction A critical security vulnerability, identified as CVE-2025-31161 previously tracked as CVE-2025-2825, has been discovered in CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. This flaw allows unauthenticated remote attackers to access unpatched CrushFTP servers if...

9.8CVSS7.8AI score0.99947EPSS
Exploits30
Tenable Nessus
Tenable Nessus
added 2025/04/07 12:0 a.m.31 views

CrushFTP < 11.3.1 Authentication Bypass (CVE-2025-31161) (Direct Check)

Binary data crushftpCVE-2025-31161.nbin...

9.8CVSS7AI score0.99947EPSS
Exploits18References4
RedhatCVE
RedhatCVE
added 2025/04/05 12:21 a.m.35 views

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...

9.8CVSS7.8AI score0.99947EPSS
Exploits18References1
NVD
NVD
added 2025/04/03 8:15 p.m.26 views

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...

9.8CVSS0.99947EPSS
Exploits18References10
Cvelist
Cvelist
added 2025/04/03 12:0 a.m.24 views

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...

9.8CVSS0.99947EPSS
Exploits18References2
ATTACKERKB
ATTACKERKB
added 2025/04/03 12:0 a.m.35 views

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka “Unauthenticated HTTPS port access.” A race condition exists in the AWS4-HMAC compatible wi...

9.8CVSS7.8AI score0.99947EPSS
In wildExploits18References3
Vulnrichment
Vulnrichment
added 2025/04/03 12:0 a.m.15 views

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...

9.8CVSS7.7AI score0.99947EPSS
Exploits18References2
CVE
CVE
added 2025/04/03 12:0 a.m.431 views

CVE-2025-31161

CrushFTP (versions &lt; 10.8.4 and

9.8CVSS7.7AI score0.99947EPSS
In wildExploits18References10Affected Software1
Circl
Circl
added 2025/04/01 1:41 p.m.13 views

CVE-2025-31161

creationtimestamp| type| source ---|---|--- 2025-04-01 13:41:11+00:00| exploited| https://t.me/informationsecuritychannel/53322 2025-04-02 18:27:07+00:00| seen| https://bsky.app/profile/theitnerd.bsky.social/post/3lltzaeredv2p 2025-04-03 03:53:25+00:00| seen|...

9.8CVSS7.5AI score0.99947EPSS
Exploits18References92
VulnCheck KEV
VulnCheck KEV
added 2024/04/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-31161

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account e.g., crushadmin, potentially leading to a full compromise...

9.8CVSS7.5AI score0.99947EPSS
Exploits18References1
Rows per page
Query Builder