Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
CrushFTP Authentication Bypass (CVE-2025-2825) - Vulnerability Database

CrushFTP Authentication Bypass (CVE-2025-2825)

Description

CrushFTP contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access administrative interfaces and sensitive functionality, potentially leading to complete server compromise.

Remediation

Upgrade to the latest version of CrushFTP

References

Rapid7 Vulnerability Blog
NVD - CVE-2025-2825

Related Vulnerabilities

Wing FTP Server RCE (CVE-2025-47812) Critical
Common tags: Authentication Bypass Known Vulnerabilities
URL rewrite vulnerability Medium
Common tags: Authentication Bypass Known Vulnerabilities
Ivanti vTM Auth bypass (CVE-2024-7593) Critical
Common tags: Authentication Bypass Known Vulnerabilities
Apache OFBiz Authentication Bypass (CVE-2023-51467) Critical
Common tags: Authentication Bypass Known Vulnerabilities
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856) Critical
Common tags: Authentication Bypass Known Vulnerabilities

Severity

Critical

Classification

CVE-2025-2825
CWE-287
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Authentication Bypass
Known Vulnerabilities