Description

CrushFTP contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access administrative interfaces and sensitive functionality, potentially leading to complete server compromise.

Remediation

Upgrade to the latest version of CrushFTP

References

Rapid7 Vulnerability Blog

NVD - CVE-2025-2825

Related Vulnerabilities

Oracle JRE CVE-2013-5830 Vulnerability (CVE-2013-5830)

phpMyAdmin Other Vulnerability (CVE-2005-3622)

Dolibarr Incorrect Authorization Vulnerability (CVE-2021-25954)

Oracle JRE CVE-2023-21954 Vulnerability (CVE-2023-21954)

Joomla Other Vulnerability (CVE-2006-1028)

Severity

Critical

Classification

CVE-2025-2825 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Authentication Bypass Known Vulnerabilities