Browse all 5 CVE security advisories affecting CrushFTP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CrushFTP serves as a cross-platform file transfer server supporting FTP, SFTP, WebDAV, and cloud storage protocols. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with five CVEs currently recorded. Security researchers have identified issues such as authentication bypass flaws and insecure default configurations. While no major public security incidents have been widely documented, the software's history of vulnerabilities underscores the importance of regular updates and hardening. Users should implement strict access controls and monitoring to mitigate potential risks associated with its deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54309 | CrushFTP 安全漏洞 — CrushFTPCWE-420 | 9.0 | Critical | 2025-07-18 |
| CVE-2025-32103 | CrushFTP 安全漏洞 — CrushFTPCWE-40 | 5.0 | Medium | 2025-04-15 |
| CVE-2025-32102 | CrushFTP 安全漏洞 — CrushFTPCWE-918 | 5.0 | Medium | 2025-04-15 |
| CVE-2025-31161 | CrushFTP 安全漏洞 — CrushFTPCWE-305 | 9.8 | Critical | 2025-04-03 |
| CVE-2024-4040 | Unauthenticated arbitrary file read and remote code execution in CrushFTP — CrushFTPCWE-1336 | 9.8 | Critical | 2024-04-22 |
This page lists every published CVE security advisory associated with CrushFTP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.