
CVE-2025-31161 — AI Deep Analysis Summary

CVSS 9.8 · Critical

Q1. What is this vulnerability? (Essence + Consequences)

🚨 **Essence**: Critical authentication bypass in CrushFTP. 💥 **Consequences**: An attacker can skip the login step entirely and act as an existing account, including the administrator. Result: full account takeover and complete loss of confidentiality, integrity, and availability.…

Q2. Root cause? (CWE/Flaw)

🛡️ **Root Cause**: CWE-305 (Authentication Bypass by Primary Weakness). 🔍 **Flaw**: The HTTP component accepts an AWS4-HMAC (S3-compatible) `Authorization` header, and that code path does not properly verify the credentials it is handed: once the named user exists, the request can be treated as authenticated without a valid password or signature.

Q3. Who is affected? (Versions/Components)

📦 **Affected Versions**: • CrushFTP 10.x before 10.8.4 • CrushFTP 11.x before 11.3.1 • Some third-party reports also list 9.3.x builds, which the vendor advisory does not cover; treat them as suspect. ⚠️ **Vendor**: CrushFTP.

Q4. What can attackers do? (Privileges/Data)

🕵️ **Attacker Actions**: Gain **admin-level permissions** without knowing a password. 👑 📂 **Data Impact**: Full read/write access to everything the server hosts, plus the ability to create new admin users. Total compromise of the CrushFTP instance.

Q5. Is the exploitation threshold high? (Auth/Config)

📉 **Threshold**: **LOW**. 🔓 **Auth**: None required (unauthenticated). ⚙️ **Config**: The request must name an existing username; the built-in admin account is commonly `crushadmin`, so the name is easy to guess or enumerate.

Q6. Is there a public exploit? (PoC/Wild Exploitation)

🔥 **Exploit Status**: **YES, public.** 📂 **PoCs**: Available on GitHub (Immersive-Labs, TX-One, etc.). 🤖 **Scanners**: Nuclei templates exist. Exploitation in the wild has been reported and the CVE is listed in CISA's Known Exploited Vulnerabilities catalog.

Q7. How to self-check? (Features/Scanning)

🔍 **Self-Check**: 1. Run Nuclei with the CVE-2025-31161 template against the HTTP(S) port. 2. Read the build number from the admin panel (or the server banner). 3. Review HTTP logs for `Authorization: AWS4-HMAC-SHA256` headers that lack a proper credential scope and signature, especially ones naming admin accounts. 🚩 **Flag**: Any 10.x build below 10.8.4 or 11.x build below 11.3.1 is vulnerable. Compare within the branch: 10.8.4 is fixed even though it is numerically below 11.3.0.

Q8. Is it fixed officially? (Patch/Mitigation)

🩹 **Fix**: **YES**, official patches exist. 📥 **Action**: Update to **CrushFTP 10.8.4** or later on the 10.x branch, or **11.3.1** or later on the 11.x branch, immediately. 🔗 **Ref**: See the CrushFTP wiki for update instructions.

Q9. What if you cannot patch? (Workaround)

🚧 **No Patch? Workarounds**: 1. **Block Access**: Restrict the HTTP/HTTPS (and FTP) ports to trusted source IPs only; the bypass is reached over the HTTP component. 2. **WAF**: Block or alert on requests carrying an AWS4-HMAC `Authorization` header without a valid signature, unless you genuinely serve S3-compatible clients. 3.…
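Two of the Q7 self-checks (the branch-aware version comparison and the review of AWS4-HMAC `Authorization` headers in HTTP logs) and the Q9 WAF rule, worked through in Python as an added example. This is not CrushFTP code and is not taken from any of the public PoCs. The header heuristic is an assumption: it flags an `Authorization` value that announces `AWS4-HMAC-SHA256` but lacks the credential scope and 64-hex-character signature that a genuine AWS Signature V4 header always carries. The log lines, their field layout, the client IPs, and the helper names (`is_vulnerable_version`, `aws4_header_anomaly`, `scan_log`, `waf_should_block`) are all constructed for this example.

```python
import re
from typing import List, Optional, Tuple

# First fixed build on each supported branch, as stated in Q8 of this page.
FIXED_BUILDS = {10: (10, 8, 4), 11: (11, 3, 1)}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract 'major.minor[.patch]' from a banner or panel string such as
    'CrushFTP 11.3.0'. A missing patch component is treated as 0, the
    pessimistic choice (11.3 compares as 11.3.0, i.e. still vulnerable)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_vulnerable_version(text: str) -> Optional[bool]:
    """True if the build predates the fix on its own branch, False if it is at
    or past the fix. Comparison is per branch: 10.8.4 is fixed even though it
    is numerically below 11.3.0. Returns None for branches the advisory does
    not list (e.g. 9.3.x, which the page says only 'some sources' mention),
    so callers must treat None as 'verify by hand', never as 'safe'."""
    version = parse_version(text)
    fixed = FIXED_BUILDS.get(version[0])
    if fixed is None:
        return None
    return version < fixed


# Shape of a genuine AWS Signature V4 Authorization header (the S3-compatible
# scheme the HTTP component accepts):
#   AWS4-HMAC-SHA256 Credential=<key>/<yyyymmdd>/<region>/<service>/aws4_request,
#   SignedHeaders=<h1;h2;...>, Signature=<64 lowercase hex chars>
WELL_FORMED_AWS4 = re.compile(
    r"^AWS4-HMAC-SHA256\s+"
    r"Credential=[^/,\s]+/(?:[^/,\s]+/){3}aws4_request,\s*"
    r"SignedHeaders=[^,\s]+,\s*"
    r"Signature=[0-9a-f]{64}$"
)
CREDENTIAL_USER = re.compile(r"Credential=([^/,\s]*)")


def aws4_header_anomaly(value: str) -> Optional[str]:
    """Heuristic (an assumption of this example, not vendor guidance): return a
    reason string when an Authorization value claims AWS4-HMAC but is not a
    complete SigV4 header; None when it is well formed or another scheme."""
    v = value.strip()
    if not v.upper().startswith("AWS4-HMAC"):
        return None
    if WELL_FORMED_AWS4.match(v):
        return None
    m = CREDENTIAL_USER.search(v)
    user = m.group(1) if m else ""
    if "Signature=" not in v:
        return f"AWS4-HMAC header without Signature (Credential user={user!r})"
    return f"malformed AWS4-HMAC header (Credential user={user!r})"


def waf_should_block(headers: dict) -> bool:
    """WAF-style decision for Q9 item 2: drop the request when its Authorization
    header is an anomalous AWS4-HMAC value. Header names are matched
    case-insensitively, as a real WAF would."""
    for name, value in headers.items():
        if name.lower() == "authorization":
            return aws4_header_anomaly(value) is not None
    return False


# Constructed access-log excerpt (not real CrushFTP log output). Fields are
# timestamp, client IP, method, path, then the Authorization header value.
SAMPLE_LOG_LINES = [
    "2025-04-01T10:00:00Z 203.0.113.5 GET / Authorization=AWS4-HMAC-SHA256 "
    "Credential=AKIAEXAMPLE/20250401/us-east-1/s3/aws4_request, "
    "SignedHeaders=host;x-amz-date, Signature=" + "a" * 64,
    "2025-04-01T10:00:02Z 198.51.100.7 GET / Authorization=AWS4-HMAC-SHA256 Credential=crushadmin/",
    "2025-04-01T10:00:03Z 198.51.100.7 GET / Authorization=Basic dXNlcjpwYXNz",
]


def scan_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Q7 item 3: return (timestamp, client_ip, reason) for every request whose
    Authorization header is an anomalous AWS4-HMAC value."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ts, ip, _method, _path, rest = line.split(" ", 4)
        if not rest.startswith("Authorization="):
            continue
        reason = aws4_header_anomaly(rest[len("Authorization="):])
        if reason:
            hits.append((ts, ip, reason))
    return hits


if __name__ == "__main__":
    for banner in ("CrushFTP 10.8.3", "CrushFTP 10.8.4", "11.3.0", "11.3.1", "9.3.2"):
        print(f"{banner:16} vulnerable={is_vulnerable_version(banner)}")
    for hit in scan_log(SAMPLE_LOG_LINES):
        print("LOG HIT:", *hit)
    print("WAF block:", waf_should_block({"Authorization": "AWS4-HMAC-SHA256 Credential=crushadmin/"}))
```

`is_vulnerable_version` deliberately returns `None` rather than `False` for branches the advisory does not list (9.x, or a future major), so a scanner built on it reports "check manually" instead of silently marking those hosts safe. The WAF check will also reject legitimate S3-style clients that send a malformed header; those requests were never going to authenticate, so the rule costs nothing unless you actually serve S3-compatible clients, in which case the well-formed-header branch lets them through.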

Q10. Is it urgent? (Priority Suggestion)

⚡ **Urgency**: **CRITICAL / IMMEDIATE**. 🚨 **Priority**: **P0**. 💡 **Reason**: Unauthenticated, trivially exploitable with public PoCs, and it yields full admin access. Patch now, before the server is taken over. 🏃‍♂️💨