THREATOPS
THREAT OPSCVEs › CVE-2025-31161

CVE-2025-31161 — CrushFTP Authentication Bypass Vulnerability

CISA KEVExploited: confirmedCrushFTP

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.

Vulnerability details

Related reporting