CrushFTP Vulnerability CVE-2025-31161: What It Means for Your Business and How to Respond
A critical authentication bypass vulnerability, CVE-2025-31161 (initially confused with CVE-2025-2825), has been discovered in CrushFTP versions 10 and 11; it affects releases prior to 10.8.4 and 11.3.1. This high-severity flaw, rated CVSS 9.8, allows unauthenticated attackers to bypass authentication and potentially gain full control of affected systems. Active exploitation attempts have been observed in the wild, including by threat actors such as APT41. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch agencies to patch by April 28, 2025. Organizations are strongly advised to upgrade to the patched versions immediately, implement additional security measures such as network segmentation and multi-factor authentication, and monitor for signs of compromise.
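The first practical step in responding is knowing which of your CrushFTP instances still fall inside the affected range. The following is an added example (not code from the article or from CrushFTP) that parses version strings and compares them against the two fixed releases the advisory names, 10.8.4 for the 10.x line and 11.3.1 for the 11.x line. The host inventory at the bottom is constructed sample data; a major version the advisory does not cover (9.x, 12.x) is reported as out of scope rather than guessed at.

```python
"""Triage CrushFTP versions against the CVE-2025-31161 fixed releases.

Added example; not part of the original article or of CrushFTP itself.
Only the facts stated in the advisory are encoded: 10.x below 10.8.4 and
11.x below 11.3.1 are affected. Other major lines are treated as unknown.
"""
import re
from typing import Dict, Optional, Tuple

# Fixed versions per the advisory, keyed by major version line.
FIXED_VERSIONS: Dict[int, Tuple[int, int, int]] = {
    10: (10, 8, 4),
    11: (11, 3, 1),
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'major[.minor[.patch]]' into a comparable tuple.

    Missing components default to 0, and any trailing suffix
    (e.g. '11.3.1_build_x') is ignored so a banner string still parses.
    """
    m = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) if x is not None else 0 for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> Optional[bool]:
    """Return True if the version is below the fix for its major line,
    False if it is at or above the fix, and None if the major line is
    outside what the advisory covers (so no claim is made either way)."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return None
    return v < fixed


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in a host -> version inventory to a triage status."""
    result = {}
    for host, ver in inventory.items():
        affected = is_affected(ver)
        if affected is None:
            result[host] = "out of scope"
        elif affected:
            result[host] = "PATCH NOW"
        else:
            result[host] = "ok"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ftp-prod-01": "10.8.3",
    "ftp-prod-02": "10.8.4",
    "ftp-dmz-01": "11.2.9",
    "ftp-dmz-02": "11.3.1_build_x",
    "ftp-legacy": "9.5.0",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:16} {status}")
```

Feed it the version strings from your own inventory or from the server banner; anything reported as "PATCH NOW" should be upgraded, and "out of scope" hosts need a separate look rather than being assumed safe.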