BleepingComputer reports that over 1,500 CrushFTP file transfer software instances remain exposed to ongoing intrusions exploiting the critical authorization bypass vulnerability, tracked as CVE-2025-2825, following the emergence of a proof-of-concept exploit last week.
The U.S. accounted for most of the vulnerable CrushFTP instances, followed by Europe and Asia, an alert from Shadowserver revealed. Attacks exploiting the flaw began weeks after CrushFTP urged immediate patching. "The bottom line of this vulnerability is that an exposed HTTP(S) port could lead to unauthenticated access," said CrushFTP in an email to its customers on Mar. 21, which recommended that those unable to update promptly activate the demilitarized zone (DMZ) perimeter network option in the meantime. The development also comes amid the growing prevalence of ransomware attacks targeting file transfer software zero-days, with an earlier CrushFTP bug, tracked as CVE-2024-4040, previously leveraged in cyberespionage efforts against various organizations across the U.S.
Threat actors have exploited 159 CVEs during the first three months of 2025, compared with 151 during the last quarter of 2024, with almost a third of vulnerabilities leveraged in attacks within a day of their disclosure, according to The Hacker News.
Clandestine rootkit compromise possible with Linux io_uring interface issue

Rootkit compromise on Linux systems could remain undetected through the exploitation of a security issue impacting the Linux kernel interface io_uring, according to BleepingComputer.