CVE-2025-2825

This PoC exploits CVE-2025-2825 and CVE-2025-31161 in CrushFTP by crafting malicious XML payloads to create unauthorized users via the 'setUserItem' command. It supports both single-target and mass exploitation with threading.

This repository contains a functional proof-of-concept exploit for CVE-2025-2825, an authentication bypass vulnerability in CrushFTP. The exploit leverages the improper validation of the X-Forwarded-For header to bypass authentication and gain administrative access.

The repository contains a detailed writeup and a Python script for exploiting CVE-2025-2825, an authentication bypass vulnerability in CrushFTP versions 10.0.0-10.8.3 and 11.0.0-11.3.0. The exploit leverages a flawed S3-like API authentication mechanism to gain administrative access without requiring a valid password.

This repository contains a functional PoC for CVE-2025-2825, an authentication bypass vulnerability in CrushFTP. The exploit leverages a crafted Authorization header and a CrushAuth cookie to bypass AWS S3-style authentication.

This repository contains a functional Metasploit auxiliary module that exploits CVE-2025-2825, an authentication bypass vulnerability in CrushFTP versions 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0. The exploit bypasses authentication checks and allows an attacker to modify the password of any user, including administrators, by leveraging a crafted AWS4-HMAC-SHA256 authorization header and a malformed XML payload.

This repository contains a README describing an authentication bypass vulnerability (CVE-2025-2825) in CrushFTP, but no actual exploit code or PoC is provided. The README mentions a PoC image, but it is not included in the provided files.

This repository contains a functional exploit for CVE-2025-31161, which leverages an authentication bypass vulnerability in CrushFTP to create a new admin-level user account. The exploit sends crafted HTTP requests with specific headers and payloads to achieve unauthorized user creation.

This Nuclei template detects the CrushFTP authentication bypass vulnerability (CVE-2025-2825) by sending crafted HTTP requests and checking for specific responses indicating successful bypass. It does not exploit the vulnerability but scans for its presence.

This Metasploit module exploits an authentication bypass in CrushFTP by crafting a malicious AWS4-HMAC-SHA256 header and session cookie, allowing an attacker to authenticate as any valid user without credentials.