Ethical Hacking News
A new critical authentication bypass bug in the CrushFTP file transfer software has been exploited by attackers, leaving numerous devices running unpatched versions vulnerable to remote access.
A critical authentication bypass vulnerability in CrushFTP file transfer software has been exploited, leaving numerous devices vulnerable to remote access. The vulnerability (CVE-2025-2825) allows attackers to gain unauthenticated access to devices running unpatched versions of CrushFTP v10 or v11 software. Attacks can result in gaining access to the device's file system and downloading sensitive data without prior knowledge or authorization. CrushFTP recommends patching ASAP, with a temporary workaround available for devices that cannot be updated immediately. Over 1,500 vulnerable instances remain exposed online, despite warnings from CrushFTP. This vulnerability is part of a growing concern among cybersecurity experts regarding ransomware gangs exploiting such vulnerabilities.
A critical authentication bypass vulnerability in the CrushFTP file transfer software has been exploited by attackers, leaving numerous devices running unpatched versions of the software vulnerable to remote access. The vulnerability, tracked as CVE-2025-2825, was reported by security firm Outpost24 and allows an attacker to gain unauthenticated access to devices running unpatched versions of CrushFTP v10 or v11 software.
The security flaw was discovered by Outpost24 researchers, who identified a critical weakness in the way CrushFTP handled authentication requests. According to the firm, an attacker who exploits this vulnerability can gain access to the device's file system and download sensitive data without requiring any prior knowledge or authorization.
CrushFTP warned its customers about the vulnerability on March 21st of this year and released patches to address the security flaw. Given the severity of the issue, admins are urged to patch their software ASAP. The company advised those who cannot update immediately to enable the DMZ (demilitarized zone) perimeter network option as a temporary workaround.
Despite the urgency of CrushFTP's advice, many devices running vulnerable versions of the software remain exposed online. According to the Shadowserver threat monitoring platform, its honeypots have detected dozens of exploitation attempts against Internet-exposed CrushFTP servers in recent days, and over 1,500 vulnerable instances are still exposed online.
The warning follows a previous incident involving CVE-2024-4040, another critical CrushFTP vulnerability that was exploited as a zero-day last year. Cybersecurity company CrowdStrike found evidence suggesting that attack was likely politically motivated and focused on intelligence gathering.
Additionally, this latest vulnerability has raised concerns among cybersecurity experts regarding the increasing interest of ransomware gangs in exploiting such vulnerabilities. Clop, a notorious ransomware gang linked to several high-profile attacks, has been identified as one of the groups targeting CrushFTP servers.
The incident highlights the importance of timely software updates and patching of vulnerable systems to prevent exploitation by attackers. The recent surge in successful exploits underscores the ongoing struggle organizations face in staying secure against an increasingly sophisticated and relentless threat landscape.
In response to this vulnerability, it is essential that organizations take immediate action to assess their exposure to potential attacks. Ensuring all software is up-to-date with the latest security patches will be a critical component of preventing unauthorized access to devices.
Related Information:
https://www.ethicalhackingnews.com/articles/CrushFTP-Critical-Auth-Bypass-Bug-A-Growing-Threat-to-File-Transfer-Security-ehn.shtml
https://www.bleepingcomputer.com/news/security/critical-auth-bypass-bug-in-crushftp-now-exploited-in-attacks/
https://cybersecuritynews.com/crushftp-vulnerability-exploited/
https://nvd.nist.gov/vuln/detail/CVE-2025-2825
https://www.cvedetails.com/cve/CVE-2025-2825/
https://nvd.nist.gov/vuln/detail/CVE-2024-4040
https://www.cvedetails.com/cve/CVE-2024-4040/
Published: Tue Apr 1 10:33:59 2025 by llama3.2 3B Q4_K_M