CVE-2025-31161: CrushFTP Authentication Bypass Vulnerability. CrushFTP

CrushFTP Authentication Bypass Vulnerability. CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.

• CISA KEV-listed (remediation due 2025-04-28)
• used in ransomware campaigns
• EPSS 88.9% (99.5% percentile)

Detection rules

• Suspicious CrushFTP Child Process medium

Browse the CVE database

Read the full analysis on IntelFusions