CVE-2025-32355
Published Feb 17, 2026
Last updated 2 months ago
AI description
CVE-2025-32355 describes a vulnerability found in Rocket TRUfusion Enterprise, affecting versions up to and including 7.10.4.0. The core of this issue lies within the product's reverse proxy component, which is designed to handle incoming connections. The vulnerability stems from a misconfiguration in this reverse proxy, allowing it to accept HTTP request lines that contain absolute URLs instead of the expected relative paths. This flaw enables an attacker to specify arbitrary external or internal URLs in the request, causing the proxy to fetch and load the designated resources. Such behavior can be exploited to facilitate Server-Side Request Forgery (SSRF) attacks.
- Description
- Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- trufusion_enterprise
CVSS 4.0
- Type
- Secondary
- Base score
- 7.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Secondary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-918
- Hype score
- Not currently trending
🚨*CVE* CVE-2025-32355 Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying … https://t.co/aJIzeiro2d ----- Traducción: CVE-2025-32355 Roc… https://t.co/utmtNg
@infoflowcloud
23 Mar 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-32355 Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying … https://t.co/YxfHhy4yAg
@CVEnew
23 Mar 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-32355 - high 🚨 Rocket TRUfusion Enterprise - Server Side Request Forgery > Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming ... 👾 https://t.co/SRJD2p00Vf @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
18 Feb 2026
138 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-32355 Rocket TRUfusion Enterprise Reverse Proxy URL Injection Vulnerability https://t.co/zCzRkIYfmL
@VulmonFeeds
18 Feb 2026
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/0VmQ6SaQZc
@MrTuxracer
17 Feb 2026
2593 Impressions
9 Retweets
48 Likes
19 Bookmarks
2 Replies
0 Quotes
Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/kkVDeAnTVi
@rcesecurity
17 Feb 2026
2006 Impressions
11 Retweets
38 Likes
17 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rocketsoftware:trufusion_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA79548C-F8C9-46F0-9101-612A48E67DF3",
"versionEndExcluding": "7.10.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]