090502336 - CrushFTP.AWS.Header.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in CrushFTP.
The vulnerability is due to improper handling of the AWS S3-style Authorization header presented to the CrushFTP web interface: user-supplied data in that header is not properly validated before the login decision is made. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could allow the attacker to authenticate as an existing user, including an administrative account, without knowing that user's password.
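A legitimate AWS Signature Version 4 Authorization header always carries a five-part credential scope (access key, date, region, service, `aws4_request`), a SignedHeaders list and a 64-hex-character Signature. A request that names an account in the Credential field but omits the rest of the scope and the signature is not something any S3 client produces, so it is the shape a detection for this signature should key on. The following script is an added example for this advisory (it is not FortiGuard's detection logic and not CrushFTP code); it checks captured request headers against the SigV4 format and treats CrushFTP's `CrushAuth` session cookie appearing alongside a malformed SigV4 header as corroborating evidence. The sample requests, hostnames, cookie value and account name are constructed.

```python
"""Heuristic check for malformed AWS SigV4 Authorization headers aimed at a CrushFTP web interface.

Added example for this advisory, not FortiGuard or CrushFTP code. The request samples are constructed.
"""
import re

SIGV4_PREFIX = "AWS4-HMAC-SHA256"
# Per the SigV4 specification: Credential=<access-key>/<YYYYMMDD>/<region>/<service>/aws4_request
CREDENTIAL_RE = re.compile(r"Credential=([^,\s]*)")
SIGNED_HEADERS_RE = re.compile(r"SignedHeaders=([^,\s]+)")
# Exactly 64 lowercase hex characters; the lookahead rejects longer runs.
SIGNATURE_RE = re.compile(r"Signature=([0-9a-f]{64})(?![0-9a-f])")


def parse_request(raw: str):
    """Split a raw HTTP request into its request line and a lower-cased header name -> value dict."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def sigv4_anomalies(auth_value: str) -> list:
    """Return the ways a SigV4 Authorization value deviates from the spec; [] when well-formed."""
    findings = []
    m = CREDENTIAL_RE.search(auth_value)
    if not m:
        return ["no Credential field"]
    scope = m.group(1).split("/")
    if (len(scope) != 5 or not re.fullmatch(r"\d{8}", scope[1])
            or scope[4] != "aws4_request"):
        findings.append("malformed credential scope %r" % m.group(1))
    if not SIGNED_HEADERS_RE.search(auth_value):
        findings.append("missing SignedHeaders")
    if not SIGNATURE_RE.search(auth_value):
        findings.append("missing or malformed Signature")
    return findings


def assess_request(raw: str) -> dict:
    """Classify one captured request. Only SigV4-style Authorization headers are examined."""
    request_line, headers = parse_request(raw)
    verdict = {"request": request_line, "suspicious": False, "reasons": []}
    auth = headers.get("authorization", "")
    if not auth.startswith(SIGV4_PREFIX):
        return verdict  # no S3-style credential presented; out of scope for this check
    reasons = sigv4_anomalies(auth[len(SIGV4_PREFIX):])
    # An S3 client never carries the web interface's session cookie; only report the
    # combination when the header is already malformed, to keep false positives down.
    if reasons and "crushauth=" in headers.get("cookie", "").lower():
        reasons.append("SigV4 header sent together with a CrushAuth session cookie")
    verdict["reasons"] = reasons
    verdict["suspicious"] = bool(reasons)
    return verdict


# Constructed samples (not captured traffic).
BENIGN_S3_REQUEST = (
    "GET /bucket/report.csv HTTP/1.1\r\n"
    "Host: files.example.test\r\n"
    "x-amz-date: 20250430T120000Z\r\n"
    "Authorization: AWS4-HMAC-SHA256 "
    "Credential=AKIAIOSFODNN7EXAMPLE/20250430/us-east-1/s3/aws4_request, "
    "SignedHeaders=host;x-amz-date, Signature=" + "ab" * 32 + "\r\n"
)
SUSPICIOUS_REQUEST = (
    "GET /WebInterface/ HTTP/1.1\r\n"
    "Host: files.example.test\r\n"
    "Cookie: CrushAuth=1745971200000_constructedSessionValue\r\n"
    "Authorization: AWS4-HMAC-SHA256 Credential=admin/\r\n"  # account named, scope and signature absent
)
NO_AUTH_REQUEST = (
    "GET /WebInterface/ HTTP/1.1\r\n"
    "Host: files.example.test\r\n"
    "Cookie: CrushAuth=1745971200000_constructedSessionValue\r\n"
)


def scan(requests) -> list:
    """Return the verdicts for every request that looks like a bypass attempt."""
    return [v for v in (assess_request(r) for r in requests) if v["suspicious"]]


if __name__ == "__main__":
    for hit in scan([BENIGN_S3_REQUEST, SUSPICIOUS_REQUEST, NO_AUTH_REQUEST]):
        print(hit["request"])
        for reason in hit["reasons"]:
            print("  -", reason)
```

The check is a format heuristic, not signature verification: it flags headers no conforming S3 client would send, so it should produce few false positives on real S3 traffic, but it depends on the Authorization header being available in the capture (reverse proxies and WAFs often redact it). Feed it from a TLS-terminating proxy or the CrushFTP front end rather than from network captures of encrypted traffic, and treat hits as a prompt to confirm the server version against the affected ranges below, not as a substitute for patching.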
Outbreak Alert
FortiGuard Labs has identified ongoing and persistent in-the-wild attack attempts aimed at exploiting CVE-2025-31161, an authentication bypass vulnerability in the CrushFTP file transfer server. If successfully exploited, this vulnerability allows attackers to gain administrative access to the application, which represents a significant risk to enterprise environments.
Affected Products
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0
Impact
Security Bypass: Remote, unauthenticated attackers can bypass authentication on vulnerable systems and act as an existing user, including an administrator.
Recommended Actions
Apply the most recent upgrade or patch from the vendor. The vulnerability is fixed in CrushFTP 10.8.4 and 11.3.1; upgrade to those releases or later. Where an immediate upgrade is not possible, the vendor's interim mitigation is to front the server with its DMZ instance so that the internal server does not process authentication from untrusted clients directly.
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2025-04-30 | 0.00400 | New | |