CrushFTP Authentication Bypass Attack

Released: May 08, 2025



Actively targeted file transfer solution

FortiGuard Labs has identified ongoing and persistent in-the-wild attempts to exploit CVE-2025-31161, an authentication bypass vulnerability in the CrushFTP file transfer server. Successful exploitation gives an attacker administrative access to the application, which represents a significant risk to enterprise environments.

Common Vulnerabilities and Exposures

CVE-2025-31161


Background

An attacker exploits this vulnerability by sending a specially crafted HTTP request to the CrushFTP server; because it is an authentication bypass, no valid credentials are needed. Successful exploitation can lead to complete compromise of the system: attackers can impersonate users, perform administrative actions, access sensitive information, and upload malicious content.

The vulnerability is remotely exploitable, and a proof-of-concept (PoC) exploit is publicly available. That raises the likelihood of rapid adoption by threat actors, including ransomware groups that have previously targeted other Managed File Transfer (MFT) platforms such as MOVEit Transfer and Cleo MFT.

The affected versions are 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. Users are strongly advised to update promptly to 10.8.4 or later on the 10.x branch, or to 11.3.1 or later on the 11.x branch.
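To turn the affected-version ranges above into something an asset owner can run against an inventory, here is an added example (not code from this page or from CrushFTP) that parses a CrushFTP version string, classifies it as affected, fixed, not listed in the advisory, or unparseable, and names the minimum fixed release to move to. The version strings, hostnames and the inventory dictionary are constructed sample data; the only facts taken from the advisory are the two ranges and the two fixed releases.

```python
"""Classify CrushFTP version strings against the ranges in this advisory
(10.0.0-10.8.3 and 11.0.0-11.3.0, fixed in 10.8.4 and 11.3.1).
Added example, not code from the page or from CrushFTP; the inventory at
the bottom is constructed sample data."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Per major branch: (first affected, last affected, first fixed), inclusive.
AFFECTED_RANGES: Dict[int, Tuple[Version, Version, Version]] = {
    10: ((10, 0, 0), (10, 8, 3), (10, 8, 4)),
    11: ((11, 0, 0), (11, 3, 0), (11, 3, 1)),
}

# Accepts "10.8.3", "v11.2" (patch defaults to 0) and "11.3.0_build" style
# suffixes; anything else is reported as unknown rather than guessed.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Version]:
    """Parse 'major.minor[.patch]'; return None if the string is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def assess(text: str) -> str:
    """Return 'affected', 'fixed', 'not_listed' (branch not named in the
    advisory, e.g. 9.x) or 'unknown' (unparseable banner)."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    rng = AFFECTED_RANGES.get(v[0])
    if rng is None:
        return "not_listed"
    low, high, _fix = rng
    if low <= v <= high:
        return "affected"
    return "fixed"  # at or above the first fixed release on that branch


def recommended_fix(text: str) -> Optional[str]:
    """Minimum fixed release for an affected version, else None."""
    if assess(text) != "affected":
        return None
    v = parse_version(text)
    return ".".join(str(n) for n in AFFECTED_RANGES[v[0]][2])


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> action text for a {host: version_string} inventory."""
    actions: Dict[str, str] = {}
    for host, version in inventory.items():
        status = assess(version)
        if status == "affected":
            actions[host] = "patch to " + recommended_fix(version)
        elif status == "fixed":
            actions[host] = "ok"
        elif status == "not_listed":
            actions[host] = "not listed in advisory"
        else:
            actions[host] = "review version manually"
    return actions


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {
        "mft-prod-01": "11.3.0",
        "mft-prod-02": "11.3.1",
        "mft-legacy": "10.8.3_rc2",
        "mft-lab": "9.5.0",
        "mft-unknown": "n/a",
    }
    for host, action in triage(sample).items():
        print(f"{host:12s} {sample[host]:10s} -> {action}")
```

Versions on branches the advisory does not name (for example 9.x) are reported as "not listed" rather than "ok", and unparseable banners are sent for manual review, so a gap in the inventory data cannot silently read as patched.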

Latest Development



FortiGuard Labs recommends that users apply the vendor-provided fix and follow any instructions in the vendor's advisory, if they have not already done so.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Lure
  • Decoy VM
  • AV
  • Vulnerability
  • AV (Pre-filter)
  • IPS
  • Web App Security

DETECT
  • IOC
  • Outbreak Detection
  • Content Update

RESPOND
  • Automated Response
  • Assisted Response Services

RECOVER
  • NOC/SOC Training
  • End-User Training

IDENTIFY
  • Vulnerability Management
  • Attack Surface Monitoring (Inside & Outside)
  • Attack Surface Hardening
