Summary
| Vulnerability Name | CrushFTP Authentication Bypass (CVE-2025-2825) |
|---|---|
| Released on | March 31, 2025 |
| Affected Component | CrushFTP |
| Affected Versions | 10.0.0 ≤ CrushFTP ≤ 10.8.3 11.0.0 ≤ CrushFTP ≤ 11.3.0 |
| Vulnerability Type | Authentication bypass |
| Exploitation Condition | User authentication: not required. Precondition: default configurations. Trigger mode: remote. |
| Impact | Exploitation difficulty: easy. This vulnerability enables unauthenticated attackers to create administrator accounts. Severity: high. This vulnerability may result in server compromises. |
| Official Solution | Available |
About the Vulnerability
Component Introduction
CrushFTP is an extremely powerful, easy-to-use solution that runs on almost everything: macOS 10.9+/11/12+, Win2012+, Linux, Oracle Solaris, BSD, UNIX, etc. Any operating system that can run Java 8 at a minimum can run CrushFTP.
Vulnerability Description
On March 31, 2025, Sangfor FarSight Labs received notification of the authentication bypass vulnerability in CrushFTP (CVE-2025-2825), classified as critical in threat level.
This vulnerability enables unauthenticated attackers to construct HTTP requests to access files, upload malicious content, and create administrator accounts, potentially leading to a server compromise.
Affected Versions
The following CrushFTP versions are affected:
10.0.0 ≤ CrushFTP ≤ 10.8.3
11.0.0 ≤ CrushFTP ≤ 11.3.0
Vulnerability Reproduction
Sangfor FarSight Labs has reproduced the vulnerability.
Solutions
Remediation Solutions
Official Solution
The latest version has been officially released to fix the vulnerability. Affected users are advised to update the CrushFTP version to 10.8.4 or 11.3.1.
Download link: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CrushFTPUpgrade
Sangfor Solutions
Risky Asset Discovery
The following Sangfor services can conduct proactive detection on CrushFTP to discover affected assets in batches in business scenarios:
Sangfor Host Security: The corresponding asset discovery solution has been released. The fingerprint ID is 0009874.
Sangfor TSS: The corresponding asset discovery solution has been released. The fingerprint ID is 0009874.
Vulnerability Detection
The following Sangfor services can proactively detect CVE-2025-2825 vulnerabilities and quickly identify vulnerability risks in batches in business scenarios:
Sangfor Host Security: The corresponding detection solution will be released on April 06, 2025. The rule ID is SF-2025-00364.
Sangfor TSS: The corresponding detection solution will be released on April 07, 2025. The rule ID is SF-2025-00995.
Sangfor Cyber Guardian Platform: The corresponding detection solution will be released on April 07, 2025. The rule ID is SF-2025-00995. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Sangfor TSS.
Sangfor XDR: The corresponding detection solution will be released on April 06, 2025. The rule ID is SF-2025-00364. In this case, make sure that Sangfor XDR is integrated with Sangfor Host Security.
Vulnerability Monitoring
The following Sangfor services support CVE-2025-2825 vulnerability monitoring, and can quickly identify affected assets and the impact scope in business scenarios in real time through traffic collection:
Cyber Command: The corresponding monitoring solution will be released on April 11, 2025. The rule ID is 11027471.
Sangfor Cyber Guardian Platform: The corresponding monitoring solution will be released on April 11, 2025. The rule ID is 11027471. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Cyber Command.
Sangfor XDR: The corresponding monitoring solution will be released on April 11, 2025. The rule ID is 11027471.
Vulnerability Prevention
The following Sangfor services can effectively block CVE-2025-2825 exploits:
Network Secure: The corresponding prevention solution will be released on April 11, 2025. The rule ID is 11027471.
Sangfor Web Application Firewall: The corresponding prevention solution will be released on April 11, 2025. The rule ID is 11027471.
Sangfor Cyber Guardian Platform: The corresponding prevention solution will be released on April 11, 2025. The rule ID is 11027471. In this case, make sure that Sangfor Cyber Guardian Platform is integrated with Network Secure.
Sangfor XDR: The corresponding prevention solution will be released on April 11, 2025. The rule ID is 11027471. In this case, make sure that Sangfor XDR is integrated with Network Secure.
Timeline
On March 31, 2025, Sangfor FarSight Labs received notification of the authentication bypass vulnerability in CrushFTP (CVE-2025-2825).
On March 31, 2025, Sangfor FarSight Labs released a vulnerability alert.
References
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
Learn More
Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.
