Skip to main content
News Directory 3
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
Menu
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World

CrushFTP Vulnerability: Hackers Gain Admin Access

July 20, 2025 Lisa Park Tech
News Context
At a glance
Original source: thehackernews.com

CrushFTP Under Fire:⁢ Critical Vulnerability fuels Admin Takeovers adn Data Exfiltration

Table of Contents

  • CrushFTP Under Fire:⁢ Critical Vulnerability fuels Admin Takeovers adn Data Exfiltration
    • The Anatomy of⁤ the latest CrushFTP Attack
    • Mitigating the Threat: Immediate Steps for CrushFTP Users
    • A Pattern of Exploitation: CrushFTP’s Troubled History

crushftp, a widely used secure file transfer protocol (SFTP) server, is once again in⁢ the crosshairs of cybercriminals. security researchers have identified a critical vulnerability that allows attackers to gain unauthorized administrative⁢ access, modify user configurations, and potentially exfiltrate sensitive data. This latest exploit follows a series of high-severity vulnerabilities that ⁣have plagued the ⁤platform over the past year, highlighting a concerning trend of CrushFTP becoming a prime target⁢ for elegant threat actors.

The Anatomy of⁤ the latest CrushFTP Attack

The current attack vector leverages a critical flaw that enables attackers to inject malicious code into the ⁢ user.xml configuration ⁣file. This file, which stores user credentials and permissions, becomes the⁤ gateway for attackers to escalate privileges and establish persistent access.

key indicators of compromise include:

Modified user.xml: The user.xml file shows ⁤signs of tampering, often with the addition of⁤ a last_logins value, indicating unauthorized ‍modification.
Disappearing User Interface Elements: End-user web interface buttons vanish, and users who were previously⁣ identified as regular users suddenly⁢ gain an “Admin” button, signaling a privilege escalation.

Security teams investigating potential breaches are advised ⁤to⁤ meticulously review the modification timestamps of user.xml files. Correlating administrative login events with⁤ public⁢ IP addresses and auditing permission changes on ⁢critical folders are crucial steps. ⁤Furthermore, scrutinizing access logs for suspicious patterns, such as newly created users or unexplained administrative role escalations, can reveal post-exploitation activities.

Mitigating the Threat: Immediate Steps for CrushFTP Users

The company behind CrushFTP has issued recommendations for users to⁤ fortify their systems against this ongoing threat. The primary mitigation strategy involves restoring a previous, default user configuration from a backup ⁤folder. Additionally, reviewing upload ‍and download reports for any signs⁣ of suspicious data transfers is paramount.

Essential mitigation⁤ steps include:

IP ⁤Address Restrictions for Management: Limit the IP addresses from which administrative actions can be performed.
IP Allowlisting: Configure⁤ the ⁤CrushFTP server ⁢to only accept connections from a ‍predefined list of trusted IP addresses. DMZ Deployment: For enterprise environments, consider switching to a ⁣DMZ ⁣(Demilitarized Zone) instance⁢ of CrushFTP for enhanced network segmentation and security.
Enable Automatic Updates: Ensure that automatic updates are enabled to promptly patch known vulnerabilities.

A Pattern of Exploitation: CrushFTP’s Troubled History

This latest vulnerability is not ⁤an isolated incident.CrushFTP has been a recurring target for threat actors, with⁤ several high-severity flaws being actively exploited in the wild.

CVE-2025-31161 (CVSS Score: 9.8): Discovered earlier this April, this vulnerability was weaponized to deliver malware, including the MeshCentral agent.
CVE-2024-4040 (CVSS Score: 9.8): Last ⁤year, a critical vulnerability was leveraged by threat actors to target multiple U.S. entities,underscoring the platform’s attractiveness to advanced persistent threats (apts).

The consistent exploitation of high-severity CVEs against CrushFTP serves⁤ as ⁢a stark reminder for organizations to conduct thorough threat ⁢exposure⁢ assessments. This includes evaluating patch cadence, understanding third-party file transfer risks, and implementing robust zero-day detection workflows, especially those involving remote access tools and credential compromise. Staying vigilant and proactive is key to safeguarding your sensitive data in today’s evolving threat landscape.

Share this:

  • Share on Facebook (Opens in new window) Facebook
  • Share on X (Opens in new window) X

Related

computer security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, hacker news, hacking news, how to hack, information security, Network security, ransomware malware, software vulnerability, the hacker news

Search:

News Directory 3

News Directory 3 catalogs US newspapers, news services, newsstands and digital news outlets across all 50 states. Browse local publishers by city, state, or topic, and follow current headlines linked back to their original sources.

Quick Links

  • Disclaimer
  • Terms and Conditions
  • About Us
  • Advertising Policy
  • Contact Us
  • Cookie Policy
  • Editorial Guidelines
  • Privacy Policy

Browse by State

  • Alabama
  • Alaska
  • Arizona
  • Arkansas
  • California
  • Colorado

© 2026 News Directory 3. All rights reserved.
For contact, advertising, copyright, issues email: office@newsdirectory3.com