Main Vulnerability Database Exploits ID:11309 - Exploit for Missing authorization in CrushFTP - CVE-2025-2825

ID:11309 - Exploit for Missing authorization in CrushFTP - CVE-2025-2825

Published: April 11, 2025

Vulnerability identifier: #VU106062

Vulnerability risk: Critical

CVE-ID: CVE-2025-2825

CWE-ID: CWE-862

Exploitation vector: Remote access

Vulnerable software:
CrushFTP

Link to public exploit:

https://github.com/Immersive-Labs-Sec/CVE-2025-31161

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a missing authorization. A remote attacker can directly connect to the web server interface without credentials and gain full control over the server.

Remediation

Install updates from vendor's website.

ID:11309 - Exploit for Missing authorization in CrushFTP - CVE-2025-2825

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human