CVE-2025-32355

CVSS v3.1

7.3

High

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Rocket TRUfusion Enterprise versions through 7.10.4.0

Description The Rocket TRUfusion Enterprise reverse proxy is misconfigured, permitting the specification of absolute URLs within HTTP request lines. This configuration flaw allows the proxy to load resources from the provided URL.

Recommendations Update Rocket TRUfusion Enterprise to a version later than 7.10.4.0.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2025-32355

Affected Products

Rocket Trufusion Enterprise

CVE-2025-32355

Weakness Enumeration

Related Identifiers

Affected Products

References · 15