CVE-2025-32103

Medium CVSS: 5.0

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.

Vendor

Crushftp

Product

Crushftp

CWE

CWE-40

Yayın Tarihi

2025-04-15 13:15:54

Güncelleme

2025-11-03 20:18:26

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-40 Crushftp MEDIUM Crushftp 2025

Referanslar

https://packetstorm.news/files/id/190460/ https://seclists.org/fulldisclosure/2025/Apr/17 https://www.crushftp.com/ http://seclists.org/fulldisclosure/2025/Apr/17 https://seclists.org/fulldisclosure/2025/Apr/17

Benzer Kayıtlar

Medium

CVE-2025-63419

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share…

Medium

CVE-2025-63420

CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created F…

Critical

CVE-2025-54309

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and…

Medium

CVE-2025-32102

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=t…

Critical

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle…