SSRF Vulnerability in CrushFTP Versions 9.x to 11.x
CVE-2025-32102

CVSS score: 5 (MEDIUM)

Key Information:

Vendor: Crushftp
Status: Vendor
CVE Published: 15 April 2025

Badges: 📈 Score: 799 | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-32102?

CVE-2025-32102 is a security vulnerability identified in specific versions of CrushFTP, file transfer software designed for secure data handling. The vulnerability exists in CrushFTP versions 9.x to 11.x and allows server-side request forgery (SSRF) through certain command parameters in the software's web interface. An SSRF of this kind may grant unauthorized access to internal services, leading to potential data breaches or unauthorized actions through the affected application, which can severely disrupt an organization's operational integrity and security posture.

Technical Details

The vulnerability arises from improper handling of user-supplied host and port parameters within a specific API request (command=telnetSocket) to the web interface of CrushFTP. This design flaw enables attackers to manipulate these parameters, potentially sending unauthorized requests to internal or external systems. The flaw is present in CrushFTP versions ranging from 9.x to 10.8.4 and in all versions of 11.x up to 11.3.1. These versions lack adequate input validation and sanitization, which can be exploited by attackers seeking to perform actions that should not ordinarily be permitted.
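As an added example that is not part of this advisory, the following Python script shows one defensive check a practitioner could run over web-server access logs: it picks out requests to the /WebInterface/function/ URI that carry command=telnetSocket, extracts the user-supplied host and port, and flags any host that is a literal loopback, private, link-local or reserved address. The log lines, user names and addresses are constructed sample data, and the common-log-format layout is an assumption about the log source.

```python
import re
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (hypothetical, not taken from the advisory).
SAMPLE_LOG = """\
10.0.0.5 - alice [15/Apr/2025:10:01:02 +0000] "GET /WebInterface/function/?command=getUserList HTTP/1.1" 200 512
10.0.0.7 - bob [15/Apr/2025:10:02:10 +0000] "POST /WebInterface/function/?command=telnetSocket&host=127.0.0.1&port=22 HTTP/1.1" 200 88
10.0.0.9 - carol [15/Apr/2025:10:03:44 +0000] "GET /WebInterface/function/?command=telnetSocket&host=169.254.169.254&port=80 HTTP/1.1" 200 91
10.0.0.9 - carol [15/Apr/2025:10:04:00 +0000] "GET /WebInterface/function/?command=telnetSocket&host=example.com&port=443 HTTP/1.1" 200 91
"""

# Common log format (assumed): client, ident, user, [timestamp], "request line", status.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def is_internal_host(host):
    """True when host is a literal address in a loopback, private, link-local
    (which covers the 169.254.0.0/16 cloud-metadata range) or reserved block."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ip_address(host)
    except ValueError:
        # A DNS name: deciding needs resolution (and DNS rebinding makes even that
        # unreliable), so it is reported but not classified as internal here.
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved

def find_telnet_socket_requests(log_text):
    """Return each /WebInterface/function/ request with command=telnetSocket, its
    user-supplied host/port, and whether that host is an internal address."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.startswith("/WebInterface/function/"):
            continue
        params = parse_qs(parts.query)
        if params.get("command", [""])[0] != "telnetSocket":
            continue
        host = params.get("host", [""])[0]
        findings.append({"src": m["src"], "user": m["user"], "ts": m["ts"],
                         "host": host, "port": params.get("port", [""])[0],
                         "internal": is_internal_host(host)})
    return findings

for f in find_telnet_socket_requests(SAMPLE_LOG):
    print(f["ts"], f["src"], f["user"], f'{f["host"]}:{f["port"]}', "INTERNAL" if f["internal"] else "external/unresolved")
```

Hostnames are reported but not resolved; in a real pipeline, resolve them at detection time and apply the same address classification to every returned record, or correlate with outbound connection logs from the CrushFTP host.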

Potential Impact of CVE-2025-32102

  1. Unauthorized Internal Access: Exploitation of this vulnerability could allow attackers to access internal services and resources that are not normally exposed to the outside network, enabling further attacks on sensitive data or systems.

  2. Data Exposure and Breaches: The potential for SSRF could lead to unauthorized data exposure, which may include private or confidential information stored within the network, leading to significant data breaches and compliance issues.

  3. System Compromise: If an attacker successfully exploits this vulnerability, they could manipulate internal systems for malicious purposes, potentially leading to full system compromise, unauthorized actions, or the deployment of additional malware within the network.

Affected Version(s)

CrushFTP 9.x and 10.x, up to and including 10.8.4

CrushFTP 11.x, up to and including 11.3.1

News Articles

Packet Storm


CVE-2025-32102

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.

CVE-2025-32102 Server-Side Request Forgery (SSRF) in CrushFTP...

Server-Side Request Forgery (SSRF) in CrushFTP Versions 9.x, 10.x, and 11.x CrushFTP versions 9.x and 10.x through 10.8.4, along with versions 11.x through 11.

References

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by Vulmon

  • Vulnerability published

  • Vulnerability Reserved
