AI description
CVE-2025-32103 is a directory traversal vulnerability affecting CrushFTP versions 9.x, 10.x up to 10.8.4, and 11.x up to 11.3.1. It exists in the `/WebInterface/function/` URI, which allows attackers to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions. The vulnerability stems from the application's failure to properly filter or restrict network paths when listing directories or files. By injecting a UNC path (e.g., `\\server\resource`) instead of a local path (e.g., `C:/PATH`), an attacker can gain unauthorized access to remote directories and files.
- Description: CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Secondary
- Base score: 5
- Impact score: 1.4
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
- Severity: MEDIUM
- Hype score: Not currently trending
🚨CVE-2025-32102 & CVE-2025-32103: CrushFTP Server-Side Request Forgery (SSRF) and Directory Traversal FOFA Link: https://t.co/mCHjgwtfo0 FOFA Query: app="CrushFTP" Results: 342,867 Disclosure: https://t.co/XLhGxXq545 https://t.co/12LcRaar4Z
@DarkWebInformer
31 May 2025
🚨 CVE-2025-32103 🟠 MEDIUM (5) 🏢 CrushFTP - CrushFTP 🏗️ 9 🔗 https://t.co/P9dpUXIsuP 🔗 https://t.co/HHGQJWEeoF 🔗 https://t.co/RY2DUOEQNE #CyberCron #VulnAlert #InfoSec https://t.co/nzMM1Ql3gt
@cybercronai
15 Apr 2025
CVE-2025-32103 CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC sha… https://t.co/imp4SkMZcy
@CVEnew
15 Apr 2025
csirt_it: #CrushFTP: a #PoC is available for exploiting CVE-2025-32102 and CVE-2025-32103 Risk: 🟠 Type: 🔸 Remote Code Execution 🔗 https://t.co/I7KHBgVN6i 🔄 Updates available 🔄 https://t.co/RTJn8WhGOO
@Vulcanux_
15 Apr 2025
⚡️The vulnerability details are now available: https://t.co/TBdJTFenPB 🚨🚨CrushFTP Under Attack! CVE-2025-32102: SSRF alert! Attackers can exploit weak host/port validation to hijack requests. CVE-2025-32103: Directory traversal flaw exposes remote files to unauthorized https:
@zoomeye_team
15 Apr 2025
🚨Alert🚨 CVE-2025-32102 & CVE-2025-32103: CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities 🔥PoC:https://t.co/lQtUDLHxUP 📊120K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/OpFcAmqXXM 👇Query HUNTER : https://t.co/wiHQ83gy
@HunterMapping
15 Apr 2025
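Critical vulnerabilities CVE-2025-32102 and CVE-2025-32103 have been discovered in the file transfer server CrushFTP and are drawing attention. CVE-2025-32102 is an SSRF vulnerability that allows scanning of the internal network through illegitimate host and port specification.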
@yousukezan
15 Apr 2025
The vulnerabilities, identified as CVE-2025-32102 and CVE-2025-32103, expose the server to Server-Side Request Forgery (SSRF) and Directory Traversal attacks, respectively. https://t.co/MELTgujQlm
@the_yellow_fall
15 Apr 2025
https://t.co/VZOFZdWzDB [CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)
@CALIVEDATA
13 Apr 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA3ADDE9-3460-4944-A2F1-11B0A1622A53",
            "versionEndIncluding": "11.3.1",
            "versionStartIncluding": "9.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]