CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Apr 28, 2025

CVE-2025-31161

High

EPSS 87.3%CISA KEVRansomware

Description

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.

EPSS — Exploit Probability

87.3%

Higher than 99.4% of all CVEs

Required Action

https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update ; https://nvd.nist.gov/vuln/detail/CVE-2025-31161

Related Articles (1)

Vulnerabilities

Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)

CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the template-injection flaw that let unauthenticated attackers escape th...

Mar 3, 2026

Risk Assessment

CRITICAL

In CISA KEV

High EPSS

Ransomware

Details

Severity: High
EPSS: 87.3%
CISA KEV: Yes
Ransomware: Known
Articles: 1

Timeline

Published

Apr 7, 2025

Added to KEV

Apr 7, 2025

Remediation Due

Apr 28, 2025

Affected Product

CrushFTP

View all CrushFTP CVEs

External Links

NVD (NIST)CVE Details MITRE CVE