CVE-2025-31161

⚠ KEVEPSS 88.9%

CrushFTP Authentication Bypass Vulnerability

Added to CISA KEV: 4/7/2025

Description

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.

Affected packages (0)

No package mapping in OSV.