CVE-2025-32355

Published Feb 17, 2026

Last updated 6 days ago

Rocket TRUfusion Enterprise

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-32355 describes a vulnerability found in Rocket TRUfusion Enterprise, affecting versions up to and including 7.10.4.0. The core of this issue lies within the product's reverse proxy component, which is designed to handle incoming connections. The vulnerability stems from a misconfiguration in this reverse proxy, allowing it to accept HTTP request lines that contain absolute URLs instead of the expected relative paths. This flaw enables an attacker to specify arbitrary external or internal URLs in the request, causing the proxy to fetch and load the designated resources. Such behavior can be exploited to facilitate Server-Side Request Forgery (SSRF) attacks.

Description
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-32355 - high 🚨 Rocket TRUfusion Enterprise - Server Side Request Forgery > Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming ... 👾 https://t.co/SRJD2p00Vf @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    18 Feb 2026

    138 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. CVE-2025-32355 Rocket TRUfusion Enterprise Reverse Proxy URL Injection Vulnerability https://t.co/zCzRkIYfmL

    @VulmonFeeds

    18 Feb 2026

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/0VmQ6SaQZc

    @MrTuxracer

    17 Feb 2026

    2593 Impressions

    9 Retweets

    48 Likes

    19 Bookmarks

    2 Replies

    0 Quotes

  4. Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/kkVDeAnTVi

    @rcesecurity

    17 Feb 2026

    2006 Impressions

    11 Retweets

    38 Likes

    17 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.