H-ISAC TLP White Critical CrushFTP Flaw Actively Exploited, PoC Exploit Code Available
April 1, 2025
A critical vulnerability, tracked as CVE-2025-2825, affecting CrushFTP is actively being exploited following the release of proof-of-concept exploit code.
The vulnerability is an authentication bypass flaw that allows remote threat actors to gain unauthenticated access to infrastructure running unpatched CrushFTP v10 or v11 software exposed on the Internet over HTTP(S).
According to the monitoring platform Shadowserver, targeted exploitation attempts against CrushFTP were observed approximately a week after the vulnerability was disclosed.
Shadowserver's finding that over 1,500 vulnerable instances were exposed online highlights how quickly threat actors begin exploitation attempts against vulnerable products or services. This is evident in how soon the vulnerability was targeted after a write-up containing technical details about CVE-2025-2825 and proof-of-concept exploit code was released.
Health-ISAC provides this information for situational awareness and encourages users to patch affected CrushFTP versions immediately, as threat actors have exhibited high interest in exploiting vulnerable file transfer products.