CrushFTP 11.3 CVE-2025-31161 missing and WID-SEC-2025-0615 no Severity

Hello,
I had an issue with a server running a vulnerable CrushFTP server version (beginning of April 2025). At first I thought that OpenVAS just did not get the CVE info in time to warn me about it. I kept the vulnerable CrushFTP version, locked it in a test site and did more scan tests. Until today the following CVE is not in OpenVAS, although the Feed Status has a current version.

CVE: CVE-2025-31161 and CVE-2025-2825
Info: Crush11wiki: Compromise

What am I missing? Is it just “bad luck”, that this security breach could not be found?
Or is there a problem with my feed update? (I’m running a Docker installation)

So I found WID-SEC-2025-0615, which seems to be the same vulnerability, but first, it has no Severity Level and second, it is not found with the scan of the server.

Thanks for your help.

Hi 2305,

These CVEs are in fact covered in the Greenbone Enterprise Feed. You can view their Vulnerability Test information including CVSS on the SecInfo Portal. You may have to establish a guest login for these links below to work though.

CVE-2025-31161 (Note: This flaw was initially also tracked as CVE-2025-2825 but this CVE got rejected in the meantime.)


One remark on this:

Such WID-SEC advisories are just “supplemental” metadata and are not designed / used as a base for vulnerability scans. More info can be found e.g. here: