Threat actors are actively exploiting CVE-2025-2825, a CrushFTP flaw that allows unauthenticated access to unpatched devices.
The vulnerability affects CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0, and lets attackers gain unauthorized access through remote, unauthenticated HTTP requests.
Security researchers have identified approximately 1,800 vulnerable instances, with over 900 located in the US.
CrushFTP recommends immediate action to address the vulnerability and suggests enabling the DMZ perimeter network as a temporary security measure.