CrushFTP is confirmed as an exploited target in the Storm-1175 Medusa ransomware campaign via CVE-2025-31161, an authentication bypass vulnerability in the managed file transfer platform. MFT platforms are high-value targets for ransomware actors due to the sensitive data they handle and their typical internet exposure. Apply the CrushFTP patch for CVE-2025-31161 immediately and audit access logs for authentication bypass indicators.