
Digital safety starts here for both commercial and personal use...

Defend Your Business Against the Latest WNY Cyber Threats. We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do not charge or collect any fees.

Critical Auth Bypass Bug in CrushFTP Now Exploited in Attacks

Summary:
Attackers are actively exploiting a critical authentication bypass vulnerability in CrushFTP file transfer software, tracked as CVE-2025-2825. This flaw, discovered and reported by Outpost24, affects unpatched versions 10 and 11 of CrushFTP and allows remote attackers to gain unauthenticated access to the system. The vulnerability is particularly dangerous when HTTPS ports are exposed to the internet. On March 21, CrushFTP released security patches and urgently warned customers via email to patch their systems immediately, emphasizing the high risk of compromise.

Despite the release of patches and guidance, exploitation attempts have already begun. A week after the initial advisory, Shadowserver, a cybersecurity threat monitoring platform, reported observing dozens of exploitation attempts targeting publicly accessible CrushFTP servers. As of March 30, more than 1,500 vulnerable instances were still exposed online. These attacks escalated shortly after ProjectDiscovery published a detailed technical analysis and released publicly available proof-of-concept exploit code.

Security Officer Comments:
CrushFTP servers are often attractive targets due to the sensitive nature of the data they manage, including financial records, proprietary files, and login credentials. Organizations relying on these systems are at heightened risk of data theft, lateral movement, or ransomware deployment if compromised. The public availability of exploit code makes CVE-2025-2825 particularly urgent, as both financially motivated cybercriminals and advanced persistent threat actors could use it to gain initial access into enterprise environments.

Suggested Corrections:
For organizations unable to patch right away, CrushFTP recommended enabling the DMZ perimeter network setting as a temporary workaround to reduce exposure.

Link(s):
https://www.bleepingcomputer.com/ne...ass-bug-in-crushftp-now-exploited-in-attacks/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-2825

https://projectdiscovery.io/blog/crushftp-authentication-bypass