Directory Traversal Vulnerability in CrushFTP Products
CVE-2025-32103

5MEDIUM

Key Information:

Vendor: Crushftp
Status: Crushftp
Vendor: CVE Published:; 15 April 2025

What is CVE-2025-32103?

A directory traversal vulnerability exists in CrushFTP versions 9.x, 10.x (up to 10.8.4), and 11.x (up to 11.3.1) that allows attackers to exploit the /WebInterface/function/ URI. This exploit can enable unauthorized access to files via SMB, leveraging UNC share pathnames and circumventing established SecurityManager restrictions. Such vulnerabilities pose significant risks to sensitive data and system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CrushFTP 9 <= 10.8.4

CrushFTP 11 <= 11.3.1

References

https://www.crushftp.com/

https://seclists.org/fulldisclosure/2025/Apr/17

https://packetstorm.news/files/id/190460/

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Apr 4, 2025

JSON

Crushftp

What is CVE-2025-32103?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.