
Attackers Actively Exploiting Critical Authentication Flaw in CrushFTP Software
Attackers are actively exploiting a critical authentication flaw in the CrushFTP file transfer software, tracked as CVE-2025-2825. The vulnerability allows unauthenticated access to unpatched devices and affects CrushFTP versions 10.0.0 to 10.8.3 and 11.0.0. The attacks use exploits based on publicly available proof-of-concept code.