AI description
CVE-2025-2825 affects CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. This vulnerability allows unauthenticated remote attackers to gain unauthorized access to the CrushFTP server. Specifically, unauthenticated HTTP requests can be made to the CrushFTP server, potentially leading to complete system compromise, unauthorized access to sensitive data, data theft or manipulation, and a breach of confidentiality, integrity, and availability.
- Description: CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.
- Source: disclosure@vulncheck.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-287
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
Modat Magnify Alert: We’ve identified ~2,500 exposed CrushFTP instances worldwide. According to @Shadowserver ~1,800 may be vulnerable to CVE-2025-2825 (CVSS 9.8) — an auth bypass via HTTP(S) that can be exploited. https://t.co/TYQQbwss1F #ModatMagnify #crushftp #infosec #cve
@modat_magnify
28 Mar 2025
57 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2825: CrushFTP Authentication Bypass (CVSS 9.8) 🚨 A critical auth bypass in CrushFTP 10.0.0–10.8.3 and 11.0.0–11.3.0 allows remote attackers to gain full access using S3-style headers. The flaw stems from improper handling of authentication flags—letting attackers h
@pdiscoveryio
28 Mar 2025
925 Impressions
5 Retweets
16 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 Breaking: CrushFTP's latest feature? Unauthenticated Access! Just kidding – but CVE-2025-2825 sure makes it seem so. Check out the full exploit review before your server parties like it's 1999: https://t.co/Xwcjir2O0b #CyberSecurity #CVE2025_2825 😎 https://t.co/KpsBVIj5EQ
@InezVlasblom
27 Mar 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our Indicators of Compromise blog post for CVE-2025-2825, an authentication bypass affecting #CrushFTP. https://t.co/1F0WfFhwlA
@Horizon3Attack
27 Mar 2025
6964 Impressions
41 Retweets
67 Likes
35 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-2825 ⚠️🔴 CRITICAL (9.8) 🏢 CrushFTP - CrushFTP 🏗️ 11.0.0 🔗 https://t.co/D5Ve1CpEyu 🔗 https://t.co/fw2zKcPM2x 🔗 https://t.co/piHgBpXSL8 #CyberCron #VulnAlert #InfoSec https://t.co/H2yqIqkVQb
@cybercronai
27 Mar 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2825: Critical flaw in CrushFTP allows unauthenticated remote access. Patch immediately—attackers can bypass authentication completely. Details: https://t.co/6fPA7nNVkF #CyberSecurity #PatchNow
@adriananglin
27 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CrushFTP: Patch critical #vulnerability ASAP! (#CVE-2025-2825) https://t.co/0auqLymTXk
@ScyScan
27 Mar 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) https://t.co/H0Xzncn0xl #HelpNetSecurity #Cybersecurity https://t.co/D8WTiqMRuS
@PoseidonTPA
27 Mar 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-2825: Unauthenticated HTTP(S) port access on CrushFTPv10/v11 CVSS: 9.8 https://t.co/nmQIp3mRu4
@DarkWebInformer
26 Mar 2025
5905 Impressions
19 Retweets
47 Likes
13 Bookmarks
0 Replies
1 Quote
CVE-2025-2825 CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated … https://t.co/4uOX9h5biW
@CVEnew
26 Mar 2025
259 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
It's been 5 days since CrushFTP publicly disclosed a new vulnerability. But no CVE assignment. It's within VulnCheck CNA scope to assign so we figured it would be helpful (see: CVE-2025-2825). Sent CrushFTP a courtesy email. 🤷‍♂️ https://t.co/ItNo2ea5f3
@Junior_Baines
26 Mar 2025
10917 Impressions
14 Retweets
45 Likes
11 Bookmarks
2 Replies
1 Quote
New post from https://t.co/uXvPWJy6tj (CVE-2025-2825 | CrushFTP up to 10.8.3/11.3.0 HTTP Request improper authentication) has been published on https://t.co/5lDSTXCceS
@WolfgangSesin
26 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2825: CRITICAL] Critical vulnerability in CrushFTP versions 10.0.0-10.8.3 & 11.0.0-11.3.0 allows unauthenticated access. Attackers can exploit this flaw remotely through HTTP requests. #cybersecurity, #vulnerability https://t.co/I9jAkmyBur https://t.co/p2amrFVxFe
@CveFindCom
26 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes