Known exploited
CrushFTP
CVE published 2025-04-07
CVE-2025-31161
CVE-2025-31161 is a CrushFTP authentication bypass vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-04-07. The KEV entry marks it as known exploited and notes known ransomware campaign use, so affected organizations should treat it as an urgent remediation item rather than a routine patch. CISA’s guidance is to apply vendor mitigations, follow BOD 22-01 guidance for clo [truncated]