- Description: CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.
- Source: cve@mitre.org
- NVD status: Modified
- Products: crushftp

CVSS 3.1
- Type: Secondary
- Base score: 5
- Impact score: 1.4
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
- Severity: MEDIUM
🚨CVE-2025-32102 & CVE-2025-32103: CrushFTP Server-Side Request Forgery (SSRF) and Directory Traversal FOFA Link: https://t.co/mCHjgwtfo0 FOFA Query: app="CrushFTP" Results: 342,867 Disclosure: https://t.co/XLhGxXq545 https://t.co/12LcRaar4Z
@DarkWebInformer
31 May 2025
🚨 CVE-2025-32103 🟠 MEDIUM (5) 🏢 CrushFTP - CrushFTP 🏗️ 9 🔗 https://t.co/P9dpUXIsuP 🔗 https://t.co/HHGQJWEeoF 🔗 https://t.co/RY2DUOEQNE #CyberCron #VulnAlert #InfoSec https://t.co/nzMM1Ql3gt
@cybercronai
15 Apr 2025
CVE-2025-32103 CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC sha… https://t.co/imp4SkMZcy
@CVEnew
15 Apr 2025
csirt_it: #CrushFTP: a #PoC is available for the exploitation of CVE-2025-32102 and CVE-2025-32103 Risk: 🟠 Type: 🔸 Remote Code Execution 🔗 https://t.co/I7KHBgVN6i 🔄 Updates available 🔄 https://t.co/RTJn8WhGOO
@Vulcanux_
15 Apr 2025
⚡️The vulnerability details are now available: https://t.co/TBdJTFenPB 🚨🚨CrushFTP Under Attack! CVE-2025-32102: SSRF alert! Attackers can exploit weak host/port validation to hijack requests. CVE-2025-32103: Directory traversal flaw exposes remote files to unauthorized https:
@zoomeye_team
15 Apr 2025
🚨Alert🚨 CVE-2025-32102 & CVE-2025-32103: CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities 🔥PoC:https://t.co/lQtUDLHxUP 📊120K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/OpFcAmqXXM 👇Query HUNTER : https://t.co/wiHQ83gy
@HunterMapping
15 Apr 2025
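Critical vulnerabilities CVE-2025-32102 and CVE-2025-32103 have been discovered in the file transfer server CrushFTP and are drawing attention. CVE-2025-32102 is an SSRF vulnerability that makes it possible to scan the internal network by specifying unauthorized hosts or ports.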
@yousukezan
15 Apr 2025
The vulnerabilities, identified as CVE-2025-32102 and CVE-2025-32103, expose the server to Server-Side Request Forgery (SSRF) and Directory Traversal attacks, respectively. https://t.co/MELTgujQlm
@the_yellow_fall
15 Apr 2025
https://t.co/VZOFZdWzDB [CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)
@CALIVEDATA
13 Apr 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CA3ADDE9-3460-4944-A2F1-11B0A1622A53",
            "versionEndIncluding": "11.3.1",
            "versionStartIncluding": "9.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]