CVE-2025-32102 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-32102 PUBLISHED CVSS 5 MEDIUM

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.

EPSS 0.46% · 63.7th percentile

Risk Scores

CVSS v3.1

5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

EPSS Score

0.46%

63.7th percentile

Affected Products

Vendor	Product	Versions
CrushFTP	CrushFTP	9, 11
crushftp	crushftp	11, 9.0.0, 9

Timeline

Apr 13, 2025 PoC Published
Apr 13, 2025 PoC Published
Apr 13, 2025 PoC Published
Apr 13, 2025 PoC Published
Apr 14, 2025 PoC Published
Apr 15, 2025 CVE Published
Apr 15, 2025 PoC Published
Apr 15, 2025 PoC Published
Apr 15, 2025 PoC Published
Apr 16, 2025 EPSS Score
Apr 16, 2025 PoC Published
Apr 16, 2025 PoC Published

References

Open in Interactive Console →