CrushFTP in Hot Water: CEO’s Feud with VulnCheck Over Unofficial CVE Sparks Controversy

CrushFTP’s CEO is fuming after VulnCheck issued an unofficial CVE ID for a critical vulnerability. In a heated email exchange, CrushFTP demanded VulnCheck remove the “fake” ID, insisting the real CVE is pending. Meanwhile, customers are left in a patch frenzy, all while the world waits for CrushFTP’s own CVE to drop.

3P
Published: March 27, 2025 1:26 pmAdded: March 27, 2025 at 6:48 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like CrushFTP’s CEO isn’t just crushing file transfers, but also any attempts by VulnCheck to steal the spotlight with their unofficial CVE! Who knew CVEs could lead to such a juicy drama worthy of a daytime soap? Stay tuned for the next episode of “As the Cyber World Turns.”

Key Points:

  • CrushFTP is fuming over VulnCheck’s unofficial CVE ID release for a critical vulnerability.
  • The CEO of CrushFTP claims VulnCheck’s CVE will be deleted as a duplicate.
  • CrushFTP’s vulnerability advisory is behind a paywall and contains conflicting information.
  • The vulnerability allows unauthorized access via crafted HTTP requests.
  • Assigning timely CVEs is crucial for IT defenders to prioritize security risks.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?