Bleeping Computer

CrushFTP warns users to patch unauthenticated access flaw immediately

CrushFTP warned customers of an authentication bypass security vulnerability and urged them to patch their servers immediately. As the company also explained in an email sent to customers on Friday ...
Bleeping Computer

Exploit for CrushFTP RCE chain released, patch now

Additional measures that can be implemented to enhance CrushFTP security further include: Using a limited privilege operating system service account for CrushFTP. Deploying Nginx or Apache as a ...
TechRadar

Top file transfer tool CrushFTP says a thousand servers are still vulnerable to cyberattack, so patch now

CrushFTP had a flaw that allowed admin access via HTTPS It was patched in early July 2025, but risks persist Around 1,000 servers running older versions at risk as attacks are spotted in the wild ...
heise online

CrushFTP: Older versions can grant unauthorized admin access

Anyone using CrushFTP for data transfer should check that the version they are using is up to date. Last Friday, the development team discovered attacks in the wild on older versions, which in the ...
heise online

CrushFTP: New CVE entry and details of attacked vulnerability

Attacks on a vulnerability in the CrushFTP data transfer software have been known on the Internet since last week. The initial vulnerability description remained extremely superficial and only ...