Active Exploitation of CrushFTP Authentication Bypass Vulnerability (CVE-2025-31161)

CVE-2025-31161 is being actively exploited and it's not getting the attention it should. An authentication bypass vulnerability in CrushFTP (CVE-2025-31161) is currently being exploited. It affects versions 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0. If exploited, it allows attackers to access sensitive files without valid credentials and take full control of the system depending on the configuration. Active exploitation has already been confirmed, but it is going unnoticed.