COOEY // HUBcompliance · community · intelligence

FAIL › dossier

CrushFTP vendor

3
failure events
0
zero-days
0
RCEs
3
on KEV
1
critical
80
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 6 events

DateEventSevFlagsShameSummary
2025-04-07 CVE-2025-31161 critical ⌖KEV 80 CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.
2025-04-07 CVE-2025-31161 critical ⌖KEV 80 CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.
2025-07-22 CVE-2025-54309 high ⌖KEV 50 CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.
2025-07-22 CVE-2025-54309 high ⌖KEV 50 CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.
2024-04-24 CVE-2024-4040 high ⌖KEV 50 CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).
2024-04-24 CVE-2024-4040 high ⌖KEV 50 CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).