Known vulnerabilities in CrushFTP CrushFTP

[]

Known vulnerabilities in CrushFTP CrushFTP

Vendor: CrushFTP

Website: https://www.crushftp.com/index.html

Total Security Bulletins: 13

Security bulletins (13)

Secuity bulletin	Severity	Status	Published
SB2025120138: Multiple vulnerabilities in CrushFTP	Medium	Patched Public exploit	01.12.2025
SB2025072108: Authentication bypass in CrushFTP	Critical	Patched Exploited	21.07.2025
SB2025061359: Cross-site scripting in CrushFTP	Low	Patched	13.06.2025
SB2025032652: Missing authorization in CrushFTP	Critical	Patched Exploited	26.03.2025
SB2025032651: Account takeover via password reset feature in CrushFTP	Medium	Patched	26.03.2025
SB2025032650: Cross-site scripting in CrushFTP	Low	Patched	26.03.2025
SB2024112179: Cross-site scripting in CrushFTP	Medium	Patched	21.11.2024
SB2024042213: Arbitrary file download in CrushFTP	High	Patched Exploited	22.04.2024
SB2019122649: Open redirect in CrushFTP	Low	Patched	26.12.2019
SB2017090203: CRLF injection in CrushFTP	Medium	Patched	02.09.2017
SB2017090118: Deserialization of Untrusted Data in CrushFTP	High	Patched	01.09.2017
SB2017090119: Cross-site scripting in CrushFTP	Low	Patched	01.09.2017
SB2017090120: Open redirect in CrushFTP	Low	Patched	01.09.2017