CVE-2025-32355
Published Feb 17, 2026
Last updated 20 days ago
- Description
- Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
- Hype score
- Not currently trending
๐จ CVE-2025-32355 - high ๐จ Rocket TRUfusion Enterprise - Server Side Request Forgery > Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming ... ๐พ https://t.co/SRJD2p00Vf @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
18 Feb 2026
138 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-32355 Rocket TRUfusion Enterprise Reverse Proxy URL Injection Vulnerability https://t.co/zCzRkIYfmL
@VulmonFeeds
18 Feb 2026
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/0VmQ6SaQZc
@MrTuxracer
17 Feb 2026
2593 Impressions
9 Retweets
48 Likes
19 Bookmarks
2 Replies
0 Quotes
Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/kkVDeAnTVi
@rcesecurity
17 Feb 2026
2006 Impressions
11 Retweets
38 Likes
17 Bookmarks
0 Replies
0 Quotes