CVE-2025-2825 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Vulnerability Media Exposure

[GERMAN] Datentransfer-Software CrushFTP ermöglicht unbefugten Zugriff
In der Datentransfer-Software CrushFTP klafft eine Sicherheitslücke, die Angreifern aus dem Netz unbefugten Zugriff verschafft.
Published: 2025-03-27T08:22:00+00:00
[GERMAN] CrushFTP: Schwachstelle ermöglicht das Umgehen der Authentisierung
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in CrushFTP ausnutzen, um die Authentisierung zu umgehen.
Published: 2025-03-20T23:00:00+00:00
[ENGLISH] ⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights—and the unexpected
Published: 2025-03-31T16:55:00+05:30
[GERMAN] Angriffe auf Sicherheitsleck in CrushFTP beobachtet
Vergangene Woche wurde eine Sicherheitslücke in der Datentransfer-Software CrushFTP bekannt. IT-Forscher beobachten nun Angriffe darauf.
Published: 2025-04-02T08:26:00+00:00

References

https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis

https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/

https://projectdiscovery.io/blog/crushftp-authentication-bypass

https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2025/CVE-2025-2825.yaml

https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update

https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/

https://www.runzero.com/blog/crushftp/

https://projectdiscovery.io/blog/crushftp-authentication-bypass