New CTI Labs: CVE-2025-31161 (CrushFTP): Defensive and CVE-2025-31161 (CrushFTP): Offensive
Today, we’ve released two brand-new labs focusing on the CrushFTP vulnerability recently added to the CISA KEV catalogue.
On 7 April 2025, a vulnerability in CrushFTP was added to the CISA KEV catalogue. CrushFTP is an enterprise FTP solution with tens of thousands of instances publicly accessible online. Recent reporting has confirmed that since a proof-of-concept was published, there has been an uptick in this vulnerability being exploited in the wild. Successful exploitation of this critical vulnerability allows attackers to achieve code execution, upload and download files, and create backdoor accounts.
Why should our customers care?
As a critical vulnerability with a CVSS base score of 9.8 that requires no user interaction, this vulnerability represents a significant risk to customers using CrushFTP or other, similar file transfer solutions. Its addition to the CISA KEV catalogue underlines how serious it is and how important it is to patch, given that an attacker could upload files, achieve persistence, and plant backdoors on the server.
Who is it for?
- Incident responders
- SOC analysts
- CTI Analysts
- Threat Hunters
- Penetration Testers
- System Administrators
Here are the links to the labs:
In addition, we've released a proof-of-concept script to demonstrate how an attacker could exploit this vulnerability: