
Intrusions Involving Critical CrushFTP Vulnerability Underway

CrushFTP previously recommended immediate patching.

More than 1,500 CrushFTP file transfer software instances remain exposed to an ongoing intrusion due to a critical authorisation bypass vulnerability.

A proof-of-concept exploit for the vulnerability, tracked as CVE-2025-2825, was published last week.

According to BleepingComputer, attacks involving the flaw came weeks after CrushFTP urged immediate patching. "The bottom line of this vulnerability is that an exposed HTTP(S) port could lead to unauthenticated access," said CrushFTP in an email to its customers on March 21st.

The email recommended taking immediate action.
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
