Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage.
CVSS
No CVSS.
References
No reference.
Configurations
No configuration.
History
04 Apr 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | ||
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
| Summary |
|
|
| Summary | (en) Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage. | |
| References |
|
02 Apr 2025, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
01 Apr 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval. | |
| References |
|
28 Mar 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
27 Mar 2025, 16:45
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
26 Mar 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-287 |
26 Mar 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-03-26 16:15
Updated : 2025-04-04 20:15
NVD link : CVE-2025-2825
Mitre link : CVE-2025-2825
CVE.ORG link : CVE-2025-2825
JSON object : View
Products Affected
No product.
CWE
No CWE.
