MMAKINGDOM/CVE-2025-63419

Releases0

CrushFTP before 11.3.7_60 is vulnerable to HTML Injection. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitzations leading to HTML Injection.

Subscribe above to receive notifications when new versions are released.

	Version	Date	Stability Stability is determined by the version string and my be inaccurate.

Previous Next