WID-SEC-W-2025-0615
PUBLISHED
CrushFTP is file transfer software for various platforms.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CrushFTP | CrushFTP | v11 |
| CrushFTP | CrushFTP | <v11.3.1 |
| CrushFTP | CrushFTP | v11.3.1 |
Exploit Intelligence
- PoC Authentication Bypass to RCE to Exploit CVE-2025-31161 (github-poc-repo)
- A proof of concept for CVE-2025-31161, using mangled HTTP header to perform unauthenticated impersonation of any user in Crush FTP server. (github-poc-repo)
- Wrote an exploit in Go for CVE-2025-31161 affecting crushFTP. (github-poc-repo)
- CVE-2025-31161 (github-poc-repo)
- CVE-2025-31161 (github-poc)
- Wrote an exploit in Go for CVE-2025-31161 affecting crushFTP. (github-poc)
- A proof of concept for CVE-2025-31161, using mangled HTTP header to perform unauthenticated impersonation of any user in Crush FTP server. (github-poc)
- PoC Authentication Bypass to RCE to Exploit CVE-2025-31161 (github-poc)
- ch3m1cl/CVE-2025-31161 (github-poc)
- 0xDTC/CrushFTP-auth-bypass-CVE-2025-31161 (github-poc)
…and 34 more exploits
Timeline
- Mar 20, 2025 CVE Published
- Apr 2, 2025 CVE Updated
- Jun 7, 2025 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0615.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0615 advisory
- https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update url
- https://www.runzero.com/blog/crushftp/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-2825 url
- https://projectdiscovery.io/blog/crushftp-authentication-bypass url