1. Forum
  2. tqwNet
  3. TQW GENTECH

  • CrushFTP vulnerability exploited in the wild, added to CISA KEV d

    From TechnologyDaily@1337:1/100 to All on Tue Apr 8 18:15:07 2025
    CrushFTP vulnerability exploited in the wild, added to CISA KEV database

    Date:
    Tue, 08 Apr 2025 17:00:00 +0000

    Description:
    A new patch for a managed file transfer software CrushFTP was released, and users are urged to apply it ASAP.

    FULL STORY ======================================================================A critical flaw was discovered in file transfer tool CrushFTP Experts claim the issue was being abused in the wild CISA added the flaw to its KEV catalog

    A critical-severity vulnerability plaguing file transfer software CrushFTP
    was found being actively exploited in the wild.

    Earlier this month, it was reported that the software, commonly used by organizations to handle large-scale file transfers, contained an authentication bypass vulnerability which allowed unauthenticated attackers
    to gain administrative access.

    By specifically targeting the crushadmin account, threat actors could abuse the flaw to compromise the target system entirely.

    Monitor your credit score with TransUnion starting at $29.95/month

    TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools.

    Preferred partner ( What does this mean? ) View Deal CISA adds it to KEV

    The flaw is now tracked as CVE-2025-31161 , and was given a severity score of 9.8/10 (critical)

    It affects CrushFTP versions 10 before 10.8.4 and 11 before 11.3.1. Users are strongly advised to update to these versions immediately, and if they cant, enabling the DMZ proxy instance can serve as a temporary workaround.

    Security researchers have warned that the bugs were used in the wild to install remote management tools like AnyDesk and MeshAgent, The Hacker News reported.

    CISA has also picked up on the news, adding the bug to its Known Exploited Vulnerabilities Catalog (KEV). This means that Federal Civilian Executive Branch (FCEB) agencies have a three-week deadline (until April 28) to apply the patch, or stop using CrushFTP entirely.

    Cybercriminals often target managed file transfer software vulnerabilities, since they could allow access to sensitive corporate files and databases. In fact, one of the most devastating cyberattacks in recent history happened in 2023, when ransomware operator Cl0p abused a previously unknown SQL injection vulnerability in MOVEit managed file transfer software to breach hundreds of corporations around the world.

    A year before that, GoAnywhere MFT was breached and used to steal sensitive data from almost 130 organizations, and in January 2024, the same software
    was found to be vulnerable to a critical path traversal weakness flaw. You might also like Popular file transfer software has a seriously dangerous security bug that gives anyone free administrator rights so patch it now to avoid another Moveit-like debacle We've rounded up the best password managers Take a look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/crushftp-vulnerability-exploited-in-the -wild-added-to-cisa-kev-database


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)