
Critical Vulnerability Discovered in CrushFTP: Attackers Can Gain Unauthorized Access
Cybersecurity threats continue to escalate, putting the confidential data of companies and organizations at risk. On March 21, 2025, a serious security vulnerability was discovered in CrushFTP, allowing attackers to bypass authentication and gain access to the system through HTTPS ports.
Additionally, a vulnerability identified as CVE-2025-29927 was found in the Next.js platform, enabling attackers to bypass authorization checks at the middleware level.
Both vulnerabilities pose a significant security risk, as they can lead to data breaches and compromise critical applications.
CrushFTP is a widely used file transfer system, trusted by many businesses and government organizations. However, this newly discovered vulnerability allows attackers to bypass authentication and gain access through standard HTTPS ports.
🔴 Which Versions Are Affected?
- CrushFTP versions 10 and 11 are affected when specific configurations are in place.
- Systems using CrushFTP’s DMZ functionality are NOT vulnerable.
🔍 Why Is This Vulnerability Dangerous?
- Attackers can gain unauthorized access to sensitive files and download them.
- It can be used as an entry point for further cyberattacks.
- Since CrushFTP has been targeted by hackers in the past, this vulnerability could be exploited for ransomware attacks.
🛡 Security analysts from Rapid7 commented on the vulnerability:
“This flaw allows attackers to gain initial access to the system without authentication, representing a critical security failure.”
Next.js is a widely used React-based framework for web development. The vulnerability CVE-2025-29927 allows attackers to bypass authorization checks at the middleware level, potentially granting unauthorized access to protected pages and sensitive data.
Security Recommendations
🔹 What Should CrushFTP Users Do?
1️⃣ Immediate Update! Upgrade to CrushFTP version 11.3.1 or later. This update patches the vulnerability that allows unauthorized access via HTTPS ports.
2️⃣ If an immediate update is not possible:
- Enable DMZ functionality – this helps protect the system.
- Check system logs – review for any previous unauthorized access attempts.
3️⃣ Strengthen Network Security:
- Restrict system access by allowing connections only from trusted IP addresses.
- Configure firewall and IDS/IPS systems to block suspicious traffic.
- Update and secure HTTPS certificates to prevent Man-in-the-Middle (MITM) attacks.
4️⃣ Create Regular Backups – ensure that important data can be restored in case of a breach.
🔹 What Should Next.js Users Do?
✅ To mitigate CVE-2025-29927, immediately update Next.js and implement additional security measures for authorization control at the middleware level.
The CrushFTP and Next.js vulnerabilities create serious opportunities for cybercriminals. This incident highlights the critical importance of securing web applications and virtual infrastructure.
CrushFTP users must urgently update their systems, as this vulnerability could allow attackers to gain unauthorized access to confidential files and system resources.
Next.js users should quickly patch the vulnerability by updating the framework and strengthening security checks for authorization.
🚨 Reminder! In cybersecurity, the most important rule is prevention and timely updates! Attackers actively exploit vulnerabilities in such systems, so organizations must reinforce their defenses and implement the latest security measures.