Articles by Tag #crushftp

Browse our collection of articles on various topics related to IT technologies. Dive in and explore something new!

CVE-2025-31161: CrushFTP Authentication Bypass Vulnerability
Freedom Coder
Freedom Coder

CVE-2025-31161: CrushFTP Authentication Bypass Vulnerability

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.

Learn More 2 0Jul 20
CVE-2024-4040: CrushFTP VFS Sandbox Escape Vulnerability
Freedom Coder
Freedom Coder

CVE-2024-4040: CrushFTP VFS Sandbox Escape Vulnerability

CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).

Learn More 1 0Jul 20
CVE-2025-54309: CrushFTP Unprotected Alternate Channel Vulnerability
Freedom Coder
Freedom Coder

CVE-2025-54309: CrushFTP Unprotected Alternate Channel Vulnerability

CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.

Learn More 1 0Jul 22