CrushFTP is included in the Storm-1175 active exploitation campaign via CVE-2025-31161. The patched version is CrushFTP 10.8.4 or later, or 11.3.1 or later depending on deployment branch. Organizations should verify version currency and isolate any unpatched internet-facing CrushFTP instances immediately, given the campaign’s 24-hour ransomware deployment capability.