CrushFTP CVE-2025-2825 flaw actively exploited in the wild

Article thumbnail image

This post was originally published on Security Affairs. It can be found here.

Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code.

Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825, in the CrushFTP file transfer software. Attackers are using exploits based on publicly available proof-of-concept exploit code.

The vulnerability impacts CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0, it may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.

The file transfer software maker CrushFTP urge customers to take immediate action to address the vulnerability. Admins unable to update their installs should enable the DMZ perimeter network as a temporary security measure.

Researchers at Shadowserver warned that threat actors are attempting to exploit the vulnerability in the wild, they found approximately 1,800 vulnerable instances exposed online, mainly (904) in the US.

An update provided by Shadowserer on March 30, 2025, reports that more than 1500 vulnerable instances are exposed online.

“We are observing CrushFTP CVE-2025-2825 exploitation attempts based on publicly available PoC exploit code. You can track attempts on our Dashboard at dashboard.shadowserver.org/statistics/h… Still 1512 unpatched instances vulnerable to CVE-2025-2825.” reads the update.

Your sentence is already well-structured, but here’s a slight refinement for clarity and flow:

Threat actors, including the ransomware group Cl0p, are known for attacking file transfer software such as Accellion FTA, MOVEit Transfer, GoAnywhere MFT, and Cleo.

In January, the Clop ransomware group added 59 new companies to its leak site, the gang claimed to have breached them by exploiting a vulnerability ​​in Cleo file transfer products. 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CrushFTP)

This post was originally published on this site

Forum Search

Partners & Sponsors
  • University of Baltimore
  • Towson University
  • Bureau of Justice Assistance
  • National Science Foundation
LATEST FORUM POSTS
Test post2

Test Post2

By Demo User12, 1 year ago

Finding internships

Hello, Has anyone here secured any forensic related internships for 2024? I'm collecting some data and wanted to know what...

By AP Malla, 1 year ago

Beginner network forensic investigation

How should I approach network forensic? Would you recommend learning tools like WireShark?

By AP Malla, 1 year ago

Cyber Forensic Employment: High level guidelines

Understand the Basics: Know the Field: Cyber forensics involves investigating digital crimes, analyzing electronic data, and recovering hidden, deleted, or...

By AP Malla, 1 year ago

LATEST POSTS
An international law enforcement operation shuts down Kidflix, a child sexual a
Article thumbnail image
A new Triada trojan variant comes preinstalled on Android devices, stealing dat
FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that p
Article thumbnail image
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Tomcat