CVE-2025-2825

No Score

Description

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage.

References

https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update

https://www.darkreading.com/vulnerabilities-threats/disclosure-drama-clouds-crushftp-vulnerability-exploitation

https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/

https://bsky.app/profile/shadowserver.bsky.social/post/3llotkdrd5c2t

https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2025/CVE-2025-2825.yaml

https://projectdiscovery.io/blog/crushftp-authentication-bypass

https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis

https://www.theregister.com/2025/03/27/crushftp_cve/

https://www.horizon3.ai/attack-research/crushftp-authentication-bypass-indicators-of-compromise/

https://www.runzero.com/blog/crushftp/

Details

Source: Mitre, NVD

Published: 2025-03-26

Updated: 2025-04-04

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

EPSS: 0.05281