CVE-2025-2825 Information

Description

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.

Reference

https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/ https://www.runzero.com/blog/crushftp/