METASPLOIT-modules/auxiliary/gather/crushftp_authbypass_cve_2025_2825.rb

METASPLOIT ruby WORKING POC
Exploit for CVE-2025-2825
AI Analysis

This Metasploit module exploits an authentication bypass in CrushFTP by crafting a malicious AWS4-HMAC-SHA256 header and session cookie, allowing an attacker to authenticate as any valid user without credentials.

Attack Type
auth_bypass
Complexity
moderate
Reliability
reliable
MITRE ATT&CK
T1550.003 - Pass the Ticket
Loading exploit code...
Download ZIP Password: eip
Source
Platform Metasploit
Type poc
Language ruby
Files 1
Authors
Outpost24 remmons-r7
Vulnerability
CVE-2025-2825