CVE-2025-31161 — CrushFTP CrushFTP — CrushFTP Authentication Bypass Vulnerability

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.