CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Apr 28, 2025
High
CISA KEV | Ransomware | CVE-2025-31161
CrushFTP—CrushFTP
CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.
Required Action
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update ; https://nvd.nist.gov/vuln/detail/CVE-2025-31161
Vulnerability Overview
- Severity: High
- CISA KEV: Yes
- Ransomware: Known
- Published: Apr 7, 2025
- KEV Added: Apr 7, 2025
- Due Date: Apr 28, 2025
Vendor
CrushFTP