Share
## https://sploitus.com/exploit?id=D734F75B-0180-50A1-A932-6DA6F92E7A99
CVE-2025-31161 is a critical severity vulnerability allowing attackers to control how user authentication is handled by CrushFTP managed file transfer (MFT) software.
Affected versions: 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0

Exploit summary: Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and perform actions on their behalf, including administrative actions and data retrieval.

This vulnerability has been patched and mitigated in CrushFTP versions 11.3.1+ and 10.8.4+.

This PoC was originally created to achieve RCE on one of the HTB machines. However, after writing it, I discovered that this plugin can technically be enabled, but no necessary data will be downloaded, making it impossible to interact with it. And although it can't be used for the purpose I created it for, it can still be used on any other servers for research purposes, as well as for user creation as one of the steps in the machine's progression