CVE-2025-2825
Vulnerability from cvelistv5

DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage.

Show details on NVD website

To clipboard 

{
   containers: {
      cna: {
         providerMetadata: {
            dateUpdated: "2025-04-04T19:48:00.370Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         rejectedReasons: [
            {
               lang: "en",
               value: "DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage.",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "83251b91-4cc7-4094-a5c7-464a1b83ea10",
      assignerShortName: "VulnCheck",
      cveId: "CVE-2025-2825",
      datePublished: "2025-03-26T15:58:14.218Z",
      dateRejected: "2025-04-04T19:48:00.370Z",
      dateReserved: "2025-03-26T15:49:07.306Z",
      dateUpdated: "2025-04-04T19:48:00.370Z",
      state: "REJECTED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2025-2825\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-03-26T16:15:23.883\",\"lastModified\":\"2025-04-02T21:15:33.187\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval.\"},{\"lang\":\"es\",\"value\":\"Las versiones 10.0.0 a 10.8.3 y 11.0.0 a 11.3.0 de CrushFTP se ven afectadas por una vulnerabilidad que puede provocar acceso no autenticado. Las solicitudes HTTP remotas y no autenticadas a CrushFTP pueden permitir a los atacantes obtener acceso no autorizado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"references\":[{\"url\":\"https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://projectdiscovery.io/blog/crushftp-authentication-bypass\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2025/CVE-2025-2825.yaml\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.runzero.com/blog/crushftp/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://projectdiscovery.io/blog/crushftp-authentication-bypass\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://projectdiscovery.io/blog/crushftp-authentication-bypass\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-03-28T17:07:07.312Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2825\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-26T16:16:39.142632Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-26T16:16:46.058Z\"}}], \"cna\": {\"tags\": [\"x_known-exploited-vulnerability\"], \"title\": \"CrushFTP HTTP Unauthenticated Access\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Outpost24\"}], \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"CrushFTP\", \"product\": \"CrushFTP\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0\", \"lessThan\": \"11.3.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.8.4\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.runzero.com/blog/crushftp/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2025/CVE-2025-2825.yaml\", \"tags\": [\"exploit\"]}, {\"url\": \"https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis\", \"tags\": [\"exploit\", \"technical-description\"]}, {\"url\": \"https://projectdiscovery.io/blog/crushftp-authentication-bypass\", \"tags\": [\"exploit\", \"technical-description\"]}, {\"url\": \"https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/\", \"tags\": [\"third-party-advisory\", \"technical-description\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"The vulnerability is mitigated if you have the DMZ feature of CrushFTP in place.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The vulnerability is mitigated if you have the DMZ feature of CrushFTP in place.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<span style=\\\"background-color: rgba(232, 232, 232, 0.04);\\\">CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval.</span><br>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-04-02T21:02:16.466Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2025-2825\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-02T21:02:16.466Z\", \"dateReserved\": \"2025-03-26T15:49:07.306Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-03-26T15:58:14.218Z\", \"assignerShortName\": \"VulnCheck\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.