5 matches found
CrushFTP < 11.3.1 Authentication Bypass (CVE-2025-31161) (Direct Check)
Binary data crushftpCVE-2025-31161.nbin...
CrushFTP AWS4-HMAC Authentication Bypass
This module leverages an authentication bypass in CrushFTP 11 use auxiliary/gather/crushftpauthbypasscve20252825 msf auxiliarycrushftpauthbypasscve20252825 show actions ...actions... msf auxiliarycrushftpauthbypasscve20252825 set ACTION msf auxiliarycrushftpauthbypasscve20252825 show options...
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka “Unauthenticated HTTPS port access.” A race condition exists in the AWS4-HMAC compatible wi...