Endpoint Vulnerability

CrushFTP crushadmin Authentication Bypass Vulnerability

Description

CrushFTP 10 (<=10.8.3) and 11 (<=11.3.0) have a race condition in AWS4-HMAC auth that allows unauthenticated users to bypass login and gain crushadmin access, enabling full system compromise.

Outbreak Alert

FortiGuard Labs has identified ongoing and persistent attack attempts in the wild that are aimed at exploiting CVE-2025-31161, which is an authentication bypass vulnerability found in CrushFTP file transfer server. If successfully exploited, this vulnerability could allow attackers to gain administrative access to the application, representing a significant risk to enterprise environments.

View the full Outbreak Alert Report

Affected Applications

CrushFTP

Version Updates

Date	Version	Status	Detail
2025-04-08	1.00835	New	CrushFTP

References

https://crushftp.com/crush11wiki/Wiki.jsp?page=Update#section-Update-VulnerabilityInfo

ID	6108
Created	Apr 08, 2025
Description Updated	Jan 16, 2026
CVE ID
Tags	CrushFTP Authentication Bypass Threat Signal
Risk
Coverage	FortiClient
OS	Windows
Vendor	CrushFTP
Patch	manual
Application	CrushFTP

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Endpoint Vulnerability

CrushFTP crushadmin Authentication Bypass Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Endpoint Vulnerability

CrushFTP crushadmin Authentication Bypass Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Threat Intelligence
Center