CVE-2025-63419

Published: Nov 12, 2025

Modified: Nov 12, 2025

PUBLISHED

Description

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/MMAKINGDOM/39ded58b1e6d2d19366e76e0d5b1c851

https://github.com/MMAKINGDOM/CVE-2025-63419/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-63419

Description

Affected Products

References