CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-31161 | CrushFTP Authentication Bypass Vulnerability | exploitation_technique | T1078 | Valid Accounts | Comments: This vulnerability in CrushFTP has been exploited to give attackers control over how the software handles authentication, allowing access to the administrative account. From there, attackers have the ability to read and upload files, execute arbitrary code, create backdoors in the form of new administrative accounts, and conduct a full system takeover. |
| CVE-2025-31161 | CrushFTP Authentication Bypass Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Comments: This vulnerability in CrushFTP has been exploited to give attackers control over how the software handles authentication, allowing access to the administrative account. From there, attackers have the ability to read and upload files, execute arbitrary code, create backdoors in the form of new administrative accounts, and conduct a full system takeover. |
| CVE-2025-31161 | CrushFTP Authentication Bypass Vulnerability | primary_impact | T1136 | Create Account | Comments: This vulnerability in CrushFTP has been exploited to give attackers control over how the software handles authentication, allowing access to the administrative account. From there, attackers have the ability to read and upload files, execute arbitrary code, create backdoors in the form of new administrative accounts, and conduct a full system takeover. |