https://www.bleepingcomputer.com/news/security/critical-auth-bypass-bug-in-crushftp-now-exploited-in-attacks/

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code.

The security vulnerability (CVE-2025-2825) was reported by Outpost24, and it allows remote attackers to gain unauthenticated access to devices running unpatched CrushFTP v10 or v11 software.