- A critical flaw was discovered in the CrushFTP file transfer tool
- Experts claim the flaw was being abused in the wild
- CISA added the flaw to its KEV catalog
A critical-severity flaw in the CrushFTP file transfer software was found to be actively exploited in the wild.
Earlier this month, it was reported that the software, commonly used by organizations to handle large-scale file transfers, contained an authentication bypass vulnerability that allowed unauthenticated attackers to obtain administrative access.
By specifically targeting the crushadmin account, threat actors could abuse the flaw to fully compromise the target system.
CISA adds it to KEV
The flaw is now tracked as CVE-2025-31161 and was given a severity score of 9.8/10 (critical).
It affects CrushFTP versions 10 before 10.8.4 and 11 before 11.3.1. Users are strongly advised to update to these versions, and if they cannot, enabling the DMZ proxy instance can serve as a temporary workaround.
Security researchers have warned that the flaw was used in the wild to install remote management tools such as AnyDesk and MeshAgent, The Hacker News reported.
CISA has also picked up on the news, adding the flaw to its Known Exploited Vulnerabilities (KEV) catalog. This means that Federal Civilian Executive Branch (FCEB) agencies have a three-week deadline (until April 28) to apply the patch or stop using CrushFTP altogether.
Cybercriminals often target vulnerabilities in managed file transfer software, since they can allow access to corporate files and confidential databases. In fact, one of the most devastating cyberattacks in recent history occurred in 2023, when the Cl0p ransomware operator abused a previously unknown SQL injection vulnerability in the MOVEit managed file transfer software to breach hundreds of corporations worldwide.
A year earlier, GoAnywhere MFT was breached and used to steal confidential data from almost 130 organizations, and in January 2024, the same software was found to be vulnerable to a critical path traversal flaw.