| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-31161 | CrushFTP Authentication Bypass Vulnerability | exploitation_technique | T1078 | Valid Accounts |
Comments
This vulnerability in CrushFTP has been exploited to give attackers control how the software handles authentication, allowing access to the administrative account. From there, attackers have the ability to read and upload files, execute arbitrary code, create backdoors in the form of new administrative accounts, and conduct a full system takeover.
References
|
| CVE-2025-31161 | CrushFTP Authentication Bypass Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability in CrushFTP has been exploited to give attackers control how the software handles authentication, allowing access to the administrative account. From there, attackers have the ability to read and upload files, execute arbitrary code, create backdoors in the form of new administrative accounts, and conduct a full system takeover.
References
|
| CVE-2025-31161 | CrushFTP Authentication Bypass Vulnerability | primary_impact | T1136 | Create Account |
Comments
This vulnerability in CrushFTP has been exploited to give attackers control how the software handles authentication, allowing access to the administrative account. From there, attackers have the ability to read and upload files, execute arbitrary code, create backdoors in the form of new administrative accounts, and conduct a full system takeover.
References
|