Lucene search
+L

5 matches found

Tenable Nessus
Tenable Nessus
added 2025/04/07 12:0 a.m.33 views

CrushFTP < 11.3.1 Authentication Bypass (CVE-2025-31161) (Direct Check)

Binary data crushftpCVE-2025-31161.nbin...

9.8CVSS7AI score0.99947EPSS
Exploits18References4
Metasploit
Metasploit
added 2025/04/04 6:54 p.m.436 views

CrushFTP AWS4-HMAC Authentication Bypass

This module leverages an authentication bypass in CrushFTP 11 use auxiliary/gather/crushftpauthbypasscve20252825 msf auxiliarycrushftpauthbypasscve20252825 show actions ...actions... msf auxiliarycrushftpauthbypasscve20252825 set ACTION msf auxiliarycrushftpauthbypasscve20252825 show options...

9.8CVSS7.5AI score
Exploits8
Vulnrichment
Vulnrichment
added 2025/04/03 12:0 a.m.15 views

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...

9.8CVSS7.7AI score0.99947EPSS
Exploits18References2
Cvelist
Cvelist
added 2025/04/03 12:0 a.m.26 views

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...

9.8CVSS0.99947EPSS
Exploits18References2
ATTACKERKB
ATTACKERKB
added 2025/04/03 12:0 a.m.35 views

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka “Unauthenticated HTTPS port access.” A race condition exists in the AWS4-HMAC compatible wi...

9.8CVSS7.8AI score0.99947EPSS
In wildExploits18References3
Rows per page
Query Builder