SecAlerts
crushftp

Security Risk Profile

45/100 (medium)

Security Risk Score

Comprehensive risk assessment based on 36 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from August 30, 2017 to present

Total CVEs: 36
Critical+High: 8
Exploited: 13
Unpatched: 5

Threat Assessment

Avg CVSS: 7.3 (Base severity)
Avg EPSS: 31% (Exploit probability)
Unpatched: 5 (Critical/High)
Risk Level: 45/100 (medium)

⚠️ 13 Active Exploits | 10 Zero-Days | 📈 2 in Last 30 Days

Severity Distribution

Critical: 8
High: 0
Medium: 11
Low: 0

Exploit Likelihood

>50% chance: 1
20-50%: 1
5-20%: 1
<5%: 2

Age Distribution

Common Weaknesses (CWE)

1. XSS: 6
2. Race Condition: 2
3. Path Traversal: 1
4. SSRF: 1
5. Code Injection: 1

Most Affected Products

1. CrushFTP Crushftp: 39
2. CrushFTP CrushFTP: 35
3. Fortinet FortiSIEM: 11
4. Fortinet FortiWeb: 6
5. Fortinet FortiEDR Manager: 5

Recent Vulnerabilities

https://reddit.com/r/netsec/comments/1td2igk/detecting_exploitation_of_crushftp_vulnerability/
unknown

Detecting Exploitation of CrushFTP Vulnerability (CVE-2025-31161) With PacketSmith Yara Detection Module - Using track_state and flow_state

5/14/2026 | 🔧 No Patch

https://reddit.com/r/cybersecurity/comments/1td2ecj/detecting_exploitation_of_crushftp_vulnerability/
unknown

Detecting Exploitation of CrushFTP Vulnerability (CVE-2025-31161) With PacketSmith Yara Detection Module - Using track_state and flow_state

5/14/2026 | 🔧 No Patch

CVE-2025-63419
CVSS 6.1 (medium)
11/12/2025 | 🔧 No Patch

CVE-2025-63420
CVSS 4.1 (medium)
11/7/2025 | 🔧 No Patch

https://reddit.com/r/netsec/comments/1n1812i/the_one_where_we_just_steal_the_vulnerabilities/
unknown

The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309) - watchTowr Labs

8/27/2025 | 🔧 No Patch

https://reddit.com/r/netsec/comments/1mdk95e/new_critical_crushftp_cve202554309_rce_explained/
unknown

New Critical CrushFTP CVE-2025-54309 RCE Explained + PoC

7/30/2025 | 🔧 No Patch

https://www.bleepingcomputer.com/news/security/over-1-000-crushftp-servers-exposed-to-ongoing-hijack-attacks/
unknown

Over 1,000 CrushFTP servers exposed to ongoing hijack attacks

7/21/2025 | ⚠ Exploited | ⚡ Zero-Day | 🔧 No Patch

https://www.bleepingcomputer.com/news/security/crushftp-zero-day-exploited-to-gain-admin-access-on-servers/
unknown

CrushFTP zero-day exploited to gain admin access on servers

7/18/2025 | ⚠ Exploited | ⚡ Zero-Day | 🔧 No Patch

https://www.bleepingcomputer.com/news/security/crushftp-zero-day-exploited-in-attacks-to-gain-admin-access-on-servers/
unknown

CrushFTP zero-day exploited in attacks to gain admin access on servers

7/18/2025 | ⚠ Exploited | ⚡ Zero-Day | 🔧 No Patch

https://www.bleepingcomputer.com/news/security/new-crushftp-zero-day-exploited-in-attacks-to-hijack-servers/
unknown

New CrushFTP zero-day exploited in attacks to hijack servers

7/18/2025 | ⚠ Exploited | ⚡ Zero-Day | 🔧 No Patch

© 2026 SecAlerts Pty Ltd. All rights reserved.