Detecting Exploitation of CrushFTP Vulnerability (CVE-2025-31161) With PacketSmith Yara Detection Module

The post references a blog by Netomize detailing how exploitation of the CrushFTP vulnerability (CVE-2025-31161) is detected using PacketSmith’s Yara detection module. The detection method incorporates newly introduced track_state and flow_state keywords within the correlation engine. The content focuses on the technical approach for identifying this specific vulnerability.