Attacks on security vulnerability in CrushFTP observed

Last week, a security vulnerability was discovered in the CrushFTP data transfer software. IT researchers are now observing attacks on it.

Monitor in front of servers and computers and the display "Attack detected"

(Image: Created with AI in Bing Creator by heise online / dmk)


Last week, a security vulnerability in the data transfer software CrushFTP, classified as a critical risk, became known. IT security researchers are now observing attack attempts on vulnerable instances. A proof-of-concept exploit is publicly available, and criminals are apparently using it for these attacks.

IT researchers at Rapid7 have investigated the vulnerability in CrushFTP. They analyzed the differences between the versions and drew on a note in the changelog that pointed to a vulnerability in authentication. This enabled them to develop a proof-of-concept exploit that successfully exploited the vulnerability.

IT researchers at the Shadowserver Foundation have been detecting attack attempts against the CVE-2025-2825 vulnerability since the beginning of the week.

Attacks have remained at the same level since the beginning of the week.

(Image: Shadowserver Foundation)

The main targets of the attacks are in Asia, the USA, and Europe, with the USA being the main focus of the attackers yesterday and Asia coming in second place.


The Shadowserver Foundation is also scouring the web for vulnerable instances of CrushFTP. The number has been falling for a few days, but more than 1000 systems are currently still vulnerable. The majority are located in the USA. Since Tuesday of this week, Germany has no longer been in second place but in third, with 105 vulnerable CrushFTP instances.

Since Tuesday, Germany has only been in third place in terms of the number of vulnerable systems.

(Image: Shadowserver Foundation)

Updated software is available for the vulnerable CrushFTP versions 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0; IT managers should install it immediately if they have not already done so. Otherwise, attackers can use the public exploit to gain access from the network without prior authentication. The fixes are included in CrushFTP versions 10.8.4 and 11.3.1 and later.
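To triage an inventory against the version ranges named above, the following added example (not code from CrushFTP, Rapid7 or Shadowserver) compares versions numerically rather than as strings, so that a build such as 10.8.10 is not mistaken for an affected one. It only knows the ranges the article states; a version outside them is reported as "not in the named ranges", not as safe. The host names are constructed placeholders.

```python
import re

# Affected ranges as stated in the article (inclusive bounds).
VULNERABLE_RANGES = (
    ((10, 0, 0), (10, 8, 3)),
    ((11, 0, 0), (11, 3, 0)),
)

# Leading major.minor.patch; a trailing build label is tolerated.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '11.3.0' or '11.3.0_beta' into (11, 3, 0); None if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_vulnerable(text):
    """True if the version lies in an affected range, False if it does not,
    None if the string cannot be parsed. Tuple comparison is numeric, so
    10.8.10 is correctly treated as newer than 10.8.3."""
    version = parse_version(text)
    if version is None:
        return None
    return any(low <= version <= high for low, high in VULNERABLE_RANGES)


def triage(inventory):
    """Split (host, version) pairs into affected, not-in-range and unknown."""
    affected, not_in_range, unknown = [], [], []
    for host, version in inventory:
        result = is_vulnerable(version)
        if result is None:
            unknown.append(host)
        elif result:
            affected.append(host)
        else:
            not_in_range.append(host)
    return affected, not_in_range, unknown


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    sample = [("ftp-a.example.invalid", "10.8.3"), ("ftp-b.example.invalid", "10.8.4"),
              ("ftp-c.example.invalid", "11.3.0"), ("ftp-d.example.invalid", "11.3.1"),
              ("ftp-e.example.invalid", "n/a")]
    for label, hosts in zip(("affected", "not in range", "unknown"), triage(sample)):
        print(f"{label}: {hosts}")
```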

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.