13 matches found
Exploit for CVE-2025-2825
Exploit for CVE-2025-2825
It is an exploit module/toolkit targeting CrushFTP. The tool,...
Vulnerability fixed in CrushFTP
CrushFTP has fixed a vulnerability in versions 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0. The vulnerability allows a malicious party to gain unauthenticated remote access via HTTP requests, which can lead to unauthorized access. Systems using CrushFTP's DMZ Proxy instance are not vulnerable...
CrushFTP AWS4-HMAC Authentication Bypass
This module leverages an authentication bypass in CrushFTP 11 use auxiliary/gather/crushftpauthbypasscve20252825 msf auxiliarycrushftpauthbypasscve20252825 show actions ...actions... msf auxiliarycrushftpauthbypasscve20252825 set ACTION msf auxiliarycrushftpauthbypasscve20252825 show options...
Exploit for CVE-2025-2825
CVE-2025-2825 - CrushFTP WebInterface Authentication bypass C...
CVE-2025-2825
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct...
CrushFTP - Authentication Bypass
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. id: CVE-2025-2825 info: name: CrushFTP - Authenticatio...
CVE-2025-2825
creationtimestamp | type | source
---|---|---
2025-03-26 16:25:16+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/8885
2025-03-26 16:40:22+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3llc7z6h24d2u
2025-03-26 18:04:07+00:00 | seen | https://t.me/cvedetector/21185

2025-03-26...
CVE-2025-2825
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent...
CVE-2025-2825
CVE-2025-2825 is tied to a CrushFTP authentication bypass vulnerability. Affected products: CrushFTP Server versions 10.x before 10.8.4 and 11.x before 11.3.1. Exploitation could allow account takeover due to bypassed authorization in the login/auth flow. Remediation (if the record applies): upgr...
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP
Rapid7 is warning customers of two notable unrelated vulnerabilities in Next.js, a React framework for building web applications, and CrushFTP, a file transfer technology that has previously been targeted by adversaries. CVE-2025-29927 is a critical improper authorization vulnerability in Next.js...