Threat actors target an authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. Tracked as CVE-2025-31161, the vulnerability has a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow unauthenticated attackers to bypass authentication and gain unauthorized access. CISA added … Continue reading “CrushFTP Authentication Bypass Vulnerability Exploited in Attacks (CVE-2025-31161)”
