This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
The Shadowserver Foundation
shadowserver.bsky.social
did:plc:3xyh2kw5hfxsax4zff3pp5ub
We are sharing unpatched CrushFTP instances likely vulnerable to CVE-2025-2825 (CVSS 9.8) that may allow unauthenticated remote attackers to bypass authentication via HTTP(S) requests. We see ~1800 unpatched instances worldwide, with over 900 in the US.
https://dashboard.shadowserver.org/statistics/combined/map/?map_type=std&day=2025-03-27&source=http_vulnerable&source=http_vulnerable6&tag=cve-2025-2825%2B&geo=all&data_set=count&scale=log
2025-03-28T13:13:26.075Z