A recently revealed significant security vulnerability affecting CrushFTP has been included by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in its Known Exploited Vulnerabilities (KEV) directory following reports of ongoing exploitation in real-world scenarios.
The flaw pertains to an authentication bypass that may allow an unauthenticated intruder to seize control of vulnerable instances. It has