CVEs-PoC/2025/CVE-2025-2825.md
2025-09-29 21:09:30 +02:00

CVE-2025-2825

Description

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval.

POC

Reference

Github