AI description
CVE-2025-32102 is a Server-Side Request Forgery (SSRF) vulnerability affecting CrushFTP versions 9.x, 10.x up to 10.8.4, and 11.x up to 11.3.1. The vulnerability stems from improper validation of the host and port parameters within telnetSocket requests. An attacker can exploit this by manipulating the host and port parameters to scan remote ports. The server's response ("Connected" or "Connection refused") indicates the success or failure of the connection attempt. This vulnerability can be exploited to read files accessible by SMB at UNC share pathnames, effectively bypassing Security Manager restrictions by injecting a UNC path (e.g., \\server\resource) instead of a local path.
- Description: CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 5
- Impact score: 1.4
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
- Severity: MEDIUM
- cve@mitre.org: CWE-918
- Hype score: Not currently trending
🚨 CVE-2025-32102 🟠 MEDIUM (5) 🏢 CrushFTP - CrushFTP 🏗️ 9 🔗 https://t.co/P9dpUXIsuP 🔗 https://t.co/HHGQJWEeoF 🔗 https://t.co/RY2DUOEQNE #CyberCron #VulnAlert #InfoSec https://t.co/zpaFBeQU9W
@cybercronai
15 Apr 2025
CVE-2025-32102 CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/funct… https://t.co/r4C6coIFuO
@CVEnew
15 Apr 2025
csirt_it: #CrushFTP: a #PoC is available for exploiting CVE-2025-32102 and CVE-2025-32103 Risk: 🟠 Type: 🔸 Remote Code Execution 🔗 https://t.co/I7KHBgVN6i 🔄 Updates available 🔄 https://t.co/RTJn8WhGOO
@Vulcanux_
15 Apr 2025
CVE-2025-32102, -32103: Multiple vulns in CrushFTP❗️ Vulns in the popular file transfer web service include Directory Traversal and SSRF. A PoC has also been published. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/wJUNYoDlsx #cybersecurity #vulnerability_map https:
@Netlas_io
15 Apr 2025
CrushFTP vulnerabilities (CVE-2025-32102 & 32103) expose servers to SSRF and directory traversal attacks—patch immediately. Details: https://t.co/x4GLurzfx7 #CyberSecurity #Vulnerability
@adriananglin
15 Apr 2025
⚡️The vulnerability details are now available: https://t.co/TBdJTFenPB 🚨🚨CrushFTP Under Attack! CVE-2025-32102: SSRF alert! Attackers can exploit weak host/port validation to hijack requests. CVE-2025-32103: Directory traversal flaw exposes remote files to unauthorized https:
@zoomeye_team
15 Apr 2025
🚨Alert🚨 CVE-2025-32102 & CVE-2025-32103: CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities 🔥PoC:https://t.co/lQtUDLHxUP 📊120K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/OpFcAmqXXM 👇Query HUNTER : https://t.co/wiHQ83gy
@HunterMapping
15 Apr 2025
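Serious vulnerabilities, CVE-2025-32102 and CVE-2025-32103, have been discovered in the file transfer server CrushFTP and are drawing attention. CVE-2025-32102 is an SSRF vulnerability that makes it possible to scan the internal network by specifying an illegitimate host or port.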
@yousukezan
15 Apr 2025
The vulnerabilities, identified as CVE-2025-32102 and CVE-2025-32103, expose the server to Server-Side Request Forgery (SSRF) and Directory Traversal attacks, respectively. https://t.co/MELTgujQlm
@the_yellow_fall
15 Apr 2025
https://t.co/VZOFZdWzDB [CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)
@CALIVEDATA
13 Apr 2025