[CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)

Read Time:26 Second

Posted by Rafael Pedrero on Apr 13

<!–
# Exploit Title: Server-Side Request Forgery (SSRF) in CrushFTP 10.7.1 and
11.1.0 (as well as legacy 9.x)
# Date: 2024-10-20
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.crushftp.com/
# Software Link: https://www.crushftp.com/download/
# Version: CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1
# Tested on: all
# CVE : CVE-2025-32102
# Vulnerability: CWE-918
# Category: webapps

1. Description

CrushFTP 9.x…

pgadmin4-9.2-1.fc41

FEDORA-2025-49d6f62c0e Packages in this update: pgadmin4-9.2-1.fc41 Update description: Update to pgadmin-9.2. Read More

April 17, 2025

java-latest-openjdk-24.0.1.0.9-1.rolling.el9

FEDORA-EPEL-2025-69dbee5b72 Packages in this update: java-latest-openjdk-24.0.1.0.9-1.rolling.el9 Update description: April 2025 CPU Fixed alternatives priority Java-latest-openjdk updated to jdk 24 Read...

April 17, 2025

java-latest-openjdk-24.0.1.0.9-1.rolling.el10_0 java-latest-openjdk-portable-24.0.1.0.9-1.rolling.el8

FEDORA-EPEL-2025-eb6bb14364 Packages in this update: java-latest-openjdk-24.0.1.0.9-1.rolling.el10_0 java-latest-openjdk-portable-24.0.1.0.9-1.rolling.el8 Update description: April 2025 CPU First jdk24 for epel10 Read More

April 17, 2025

java-1.8.0-openjdk-portable-1.8.0.452.b06-2.fc39 java-17-openjdk-portable-17.0.15.0.6-1.fc40

FEDORA-2025-5c15947cd4 Packages in this update: java-17-openjdk-portable-17.0.15.0.6-1.fc40 java-1.8.0-openjdk-portable-1.8.0.452.b06-2.fc39 Update description: April 2025 CPU Read More

April 17, 2025

java-1.8.0-openjdk-1.8.0.452.b06-1.fc40

FEDORA-2025-b6323169bc Packages in this update: java-1.8.0-openjdk-1.8.0.452.b06-1.fc40 Update description: April 2025 CPU Read More

April 17, 2025

java-1.8.0-openjdk-1.8.0.452.b06-1.fc41

FEDORA-2025-e81dbae527 Packages in this update: java-1.8.0-openjdk-1.8.0.452.b06-1.fc41 Update description: April 2025 CPU Read More

April 17, 2025

Age Verification Using Facial Scans

NTLM Hash Exploit Targets Poland and Romania Days After Patch

Senators Urge Cyber-Threat Sharing Law Extension Before Deadline

Identity Attacks Now Comprise a Third of Intrusions

Microsoft Thwarts $4bn in Fraud Attempts

CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

Network Edge Devices the Biggest Entry Point for Attacks on SMBs

ICO Issues Merseyside-Based Law Firm £60,000 Fine After Cyber-Attack

Smashing Security podcast #413: Hacking the hackers… with a credit card?

[CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)

pgadmin4-9.2-1.fc41

java-latest-openjdk-24.0.1.0.9-1.rolling.el9

java-latest-openjdk-24.0.1.0.9-1.rolling.el10_0 java-latest-openjdk-portable-24.0.1.0.9-1.rolling.el8

java-1.8.0-openjdk-portable-1.8.0.452.b06-2.fc39 java-17-openjdk-portable-17.0.15.0.6-1.fc40

java-1.8.0-openjdk-1.8.0.452.b06-1.fc40

java-1.8.0-openjdk-1.8.0.452.b06-1.fc41