SMEs worldwide are affected by disclosed vulnerabilities in the FTP, FTPS, SFTP, HTTP, HTTPS, and WebDAV protocols. The CrushFTP and 🚨CVE-2025-2825 🚨
🚨CVE-2025-2825 🚨: Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.
CrushFTP is a widely used enterprise-grade file transfer server, which recently has disclosed that its versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 have a critical authentication bypass flaw.
🔎 Performing some small #OSINT queries on #shodan, #hunter, #censys or even a Google dork intitle:"CrushFTP WebInterface" inurl:/WebInterface/Login.html you can identify thousands of possible vulnerable endpoints.
This type of attack can have an immediate impact via successful exploitation or can be chained to a more complex attack technique for a bigger impact on companies.
👇Query:
SHODAN: server: CrushFTP HTTP Server
Romania Filtered SHODAN: server: CrushFTP HTTP Server country:"RO"
🗂️Full reference:https://securityonline.info/crushftp-hacked-exploit-cve-2025-2825-with-poc-and-nuclei-template/… https://rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/…
🧐Deep Dive on the whole PoC: https://projectdiscovery.io/blog/crushftp-authentication-bypass…
PoC Summary using nuclei template:
💡Solution: “Update to version 10.8.4+ or 11.3.1+ immediately.”
SMEs are increasingly exposed to cyber risks, and attackers exploit any security weakness. What cyber threats affect SMEs the most?
Why is it important to conduct regular security assessments? Cybersecurity is a critical concern for businesses of all sizes.