BleepingComputer reports that over 1,500 CrushFTP file transfer software instances remain exposed to ongoing intrusions exploiting the critical authorization bypass vulnerability, tracked as CVE-2025-2825, following the emergence of a proof-of-concept exploit last week.

The U.S. accounted for most of the vulnerable CrushFTP instances, followed by Europe and Asia, according to an alert from Shadowserver. Attacks exploiting the flaw came after CrushFTP had urged customers to patch immediately. "The bottom line of this vulnerability is that an exposed HTTP(S) port could lead to unauthenticated access," CrushFTP said in a Mar. 21 email to its customers, which recommended that those unable to update promptly enable the product's DMZ (demilitarized zone) perimeter network option in the meantime, so that the vulnerable instance is not directly reachable from the internet. The development comes amid the growing prevalence of ransomware attacks targeting zero-days in file transfer software; an earlier, separate CrushFTP bug, tracked as CVE-2024-4040, was previously leveraged in cyberespionage campaigns against various organizations across the U.S.