CVE-2025-32355

HIGH
2026-02-17 [email protected]
7.9
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 17, 2026 - 20:22 nvd
HIGH 7.9

Tags

SSRF

Description

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.

Analysis

Rocket TRUfusion Enterprise versions up to 7.10.4.0 is affected by server-side request forgery (ssrf) (CVSS 7.3).

Technical Context

This vulnerability (CWE-918: Server-Side Request Forgery (SSRF)) affects Rocket TRUfusion Enterprise. Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.

Affected Products

Product: Rocket TRUfusion Enterprise. Versions: up to 7.10.4.0.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

42
Low Medium High Critical
KEV: 0
EPSS: +2.4
CVSS: +40
POC: 0

Share

CVE-2025-32355 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy