CrushFTP vulnerability exploited in the wild, added to CISA KEV database

LovabledanielsApril 8, 202551 Views

A critical flaw was discovered in file transfer tool CrushFTP
Experts claim the issue was being abused in the wild
CISA added the flaw to its KEV catalog

A critical-severity vulnerability plaguing file transfer software CrushFTP was found being actively exploited in the wild.

Earlier this month, it was reported that the software, commonly used by organizations to handle large-scale file transfers, contained an authentication bypass vulnerability which allowed unauthenticated attackers to gain administrative access.

By specifically targeting the crushadmin account, threat actors could abuse the flaw to compromise the target system entirely.

CISA adds it to KEV

The flaw is now tracked as CVE-2025-31161, and was given a severity score of 9.8/10 (critical)

It affects CrushFTP versions 10 before 10.8.4 and 11 before 11.3.1. Users are strongly advised to update to these versions immediately, and if they can’t, enabling the DMZ proxy instance can serve as a temporary workaround.

Security researchers have warned that the bugs were used in the wild to install remote management tools like AnyDesk and MeshAgent, The Hacker News reported.

CISA has also picked up on the news, adding the bug to its Known Exploited Vulnerabilities Catalog (KEV). This means that Federal Civilian Executive Branch (FCEB) agencies have a three-week deadline (until April 28) to apply the patch, or stop using CrushFTP entirely.

Cybercriminals often target managed file transfer software vulnerabilities, since they could allow access to sensitive corporate files and databases. In fact, one of the most devastating cyberattacks in recent history happened in 2023, when ransomware operator Cl0p abused a previously unknown SQL injection vulnerability in MOVEit managed file transfer software to breach hundreds of corporations around the world.

A year before that, GoAnywhere MFT was breached and used to steal sensitive data from almost 130 organizations, and in January 2024, the same software was found to be vulnerable to a critical path traversal weakness flaw.

Weekly update

China says it will pay no attention to Trump’s ‘tariff numbers game’ | Trade War News

“God Showed Me His Love”: Saudi Praises Ruff In Heartfelt Post Of Gratitude

US judge says ‘probable cause’ to hold Trump administration in contempt | Donald Trump News

Weekly Newsletter

CrushFTP vulnerability exploited in the wild, added to CISA KEV database

Leave a comment

Leave a Reply Cancel reply

Explore more

“God Showed Me His Love”: Saudi Praises Ruff In Heartfelt Post Of Gratitude

US judge says ‘probable cause’ to hold Trump administration in contempt | Donald Trump News

Russia-Ukraine war: List of key events, day 1,148 | Russia-Ukraine war News

Trump touts ‘progress’ in Japan trade talks, as uncertainty roils stocks | Donald Trump News

ChatGPT just got a massive upgrade that takes it to the next level – here are the 3 biggest changes

I’ve never seen so many bug fixes in an Nvidia GPU driver, as new release offers vital cures for black screen crashes, Windows 11 24H2 glitches and more

AWS says half of Microsoft Azure customers would shift to them if not for licensing costs

Forget AI, children still need to learn how to code, Github CEO says – here’s how you can get them to start

Get to Know Us

Let's keep in touch