THREAT OPS › CVEs › CVE-2025-31161
CVE-2025-31161 — CrushFTP Authentication Bypass Vulnerability
CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.
Vulnerability details
- Affected productsCrushFTP
- KEV remediation due2025-04-28