This page (revision-63) was last changed on 04-Apr-2025 13:45 by Ben Spink

This page was created on 05-Dec-2023 05:32 by Ben Spink

Difference between version and

At line 1 added 5 lines
!!!__CrushFTP 11.0.0 to 11.3.0 are vulnerable. Update to 11.3.1+ immediately.__
!!!__CrushFTP 10.0.0 to 10.8.3 are vulnerable. Update to 10.8.4+ immediately.__
!!![Some guidance on detection and what to do if compromised...|Compromise]
\\
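Review bot: The two banner lines give the vulnerable ranges and fixed versions but no CVE id or disclosure date, so a reader who only sees the top of the page cannot match it against a scanner finding or vendor notice. Consider appending the id used further down the page, "CVE-2025-31161", and the "March 21, 2025" date to the banner, or linking the banner to that entry.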
At line 9 changed 2 lines
__March 21, 2025 - Unauthenticated HTTP(S) port access on CrushFTPv11 (CVE:TBA)__\\
This issue only affects CrushFTP v11 but does not work if you have the [DMZ] function of CrushFTP in place.
__March 21, 2025 - Unauthenticated HTTP(S) port access on CrushFTPv10/v11 (CVE: CVE-2025-31161)__\\
This issue affects both CrushFTP v10 and v11. The exploit does not work if you have the [DMZ] proxy instance of CrushFTP in place. The vulnerability was respnsibly disclosed, it is not being used actively in the wild that we know of, no further details will be given at this time. (CVE-2025-0282 appears to be a copycat CVE issued automatically by an unaffiliated company.)\\
10.8.4 and 11.3.1 were published on 3/21/2025 and your CrushFTP instances would have notified you within a day of the new version if you are not blocking access to our update servers. Staying up to date is critical on an internet facing server.\\
__A good explanation of the whole exploit in the wild and why it happenned.__\\
[https://www.darkreading.com/vulnerabilities-threats/disclosure-drama-clouds-crushftp-vulnerability-exploitation]\\
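Review bot: The new paragraph says the issue "is not being used actively in the wild that we know of", while the link label added two lines later reads "the whole exploit in the wild", so the page now makes two conflicting statements about exploitation status. Date or remove the first statement so that administrators do not read it as current, and state plainly whether exploitation has been observed. Spelling in the same lines: "respnsibly" should be "responsibly" and "happenned" should be "happened".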
At line 26 changed 2 lines
•If I'm on v10.8.3+...do I need to upgrade to v11? No, 10.8.3+ are safe.\\
•If I'm on v10.6.1, or v10.3, or v10.5.5, am I vulnerable? Yes! Update immediately to 10.8.3+ or v11.2.3+.\\
•If I'm on v10.8.4+...do I need to upgrade to v11? No, 10.8.4+ are safe.\\
•If I'm on v10.6.1, or v10.3, or v10.5.5, am I vulnerable? Yes! Update immediately to 10.8.4+ or v11.3.1+.\\
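Review bot: The FAQ bullets move the safe baseline from "10.8.3+" to "10.8.4+" and the v11 target from "v11.2.3+" to "v11.3.1+" without saying that the previous answer was superseded. Anyone who updated to 10.8.3 or 11.2.3 on the strength of the earlier wording will not recognise themselves in the sample versions listed (v10.6.1, v10.3, v10.5.5). Add a bullet stating explicitly that 10.8.3 and 11.2.3 through 11.3.0 are vulnerable and need the newer builds.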
Version  Date Modified  Size  Author
63  04-Apr-2025 13:45  6.005 kB  Ben Spink
62  02-Apr-2025 03:23  5.805 kB  Ben Spink
61  01-Apr-2025 14:13  5.556 kB  Ben Spink