CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.
PoC: CVE-2025-31161
CVE-2025-31161, a critical authentication bypass vulnerability in CrushFTP WebInterface. This tool allows security researchers to scan for vulnerable instances and verify the security posture of CrushFTP servers.
PoC: CVE-2025-31161
CVE-2025-31161
PoC: CVE-2025-31161
Wrote an exploit in Go for CVE-2025-31161 affecting crushFTP.
PoC: CVE-2025-31161
A proof of concept for CVE-2025-31161, using mangled HTTP header to perform unauthenticated impersonation of any user in Crush FTP server.
PoC: CVE-2025-31161
PoC Authentication Bypass to RCE to Exploit CVE-2025-31161
PoC: CVE-2025-31161
Scans target to see if its vulnerable to CVE-2025-31161
PoC: CVE-2025-31161
Authentication bypass vulnerability in versions of the CrushFTP server.
PoC: CVE-2025-31161
PoC CVE-2025-31161 - Authentication Bypass CrushFTP
PoC: CVE-2025-31161
CrushFTP 11.3.1 - Authentication Bypass
PoC: Blackash-CVE-2025-31161
CVE-2025-31161
PoC: Blackash-CVE-2025-31161
CVE-2025-31161
PoC: CVE-2025-31161
🛡️ CVE-2025-31161 - CrushFTP User Creation Authentication Bypass Exploit
PoC: CVE-2025-31161_exploit
CVE-2025-31161 python exploit
PoC: Nuclei_CVE-2025-31161_CVE-2025-2825
Official Nuclei template for CVE-2025-31161 (formerly CVE-2025-2825)
PoC: CVE-2025-31161
CrushFTP CVE-2025-31161 Exploit Tool 🔓
PoC: CVE-2025-31161
Proof of Concept for CVE-2025-31161 / CVE-2025-2825
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free