- A critical flaw was discovered in a file transfer tool
- Experts say the issue has been abused in the wild
- CISA added the flaw to its KEV catalog
A critical-severity vulnerability plaguing the CrushFTP file transfer software has been found to be actively exploited in the wild.
Earlier this month, it was reported that the software, often used by organizations to handle large file transfers, contained an authentication bypass vulnerability that allowed unauthorized attackers to gain administrative access.
By specifically targeting the crushadmin account, threat actors could abuse the flaw to compromise the target system completely.
CISA adds it to KEV
The flaw is now tracked as CVE-2025-31161 and has a severity score of 9.8/10 (critical).
It affects CrushFTP versions 10 before 10.8.4 and 11 before 11.3.1. Users are strongly advised to update to these versions right away, and if they can’t, enabling the DMZ proxy can serve as a temporary workaround.
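The affected ranges above can be turned into an inventory check. The following is an added example, not code from CrushFTP or from the original article; the `host,version` inventory format, the host names and the status labels are assumptions made for illustration.

```python
import re

# Fixed releases per major branch, taken from the advisory text above.
FIXED = {10: (10, 8, 4), 11: (11, 3, 1)}


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if the text has no version."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def classify(version_text):
    """Classify one version string against the ranges stated for CVE-2025-31161."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"          # needs manual review
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "out-of-range"     # branch not covered by the stated ranges
    # Tuple comparison is numeric, so 11.10.0 sorts after 11.3.1.
    return "vulnerable" if v < fixed else "fixed"


def triage(inventory_text):
    """Map each host in a 'host,version' inventory to its status."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results


# Constructed sample data; hosts and versions are illustrative only.
SAMPLE_INVENTORY = """\
# host,reported version
ftp-edge-01,10.8.3
ftp-edge-02,10.8.4
ftp-core-01,11.3.0
ftp-lab-01,11.10.0
ftp-old-01,9.4.0
ftp-misc-01,not reported
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as `unknown` or `out-of-range` are not cleared by this check and should be verified by hand.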
Security researchers have warned that the flaw was exploited in the wild to install remote access tools such as AnyDesk and MeshAgent, The Hacker News reported.
CISA has also picked up the news and added the flaw to its Known Exploited Vulnerabilities (KEV) catalog. This means that Federal Civilian Executive Branch (FCEB) agencies have a three-week deadline (until April 28) to apply the patch or stop using CrushFTP completely.
Cybercriminals often target managed file transfer software, as it can provide access to sensitive business files and databases. In fact, one of the most devastating cyberattacks in recent history happened in 2023, when ransomware operator CL0P abused a previously unknown SQL injection vulnerability in the MOVEit managed file transfer software to breach hundreds of companies worldwide.
A year before that, GoAnywhere MFT was breached and used to steal sensitive data from nearly 130 organizations, and in January 2024 it turned out that the same software was vulnerable to a critical path traversal weakness.