Logic-Flaw

CVE-2025-2825 - CrushFTP Authentication Bypass Analysis

After the news made its way to my feeds, having worked on CrushFTP’s CVE-2024-4040 vulnerability analysis, this sounded like a good thing to do over, and maybe I could write the exploit before anyone, but unfortunately the Project Discovery guys beat me to it. Anyways, enough story, let’s dive into the vulnerability: CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by …