CVE-2025-32103
published 2025-04-15

Priority: P3 (36)
Severity: medium, 5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
EPSS: 12.22% (95.7th percentile)

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.

Affected

3 ranges

Vendor    Product   Version range     Fixed in
crushftp  crushftp  11 – 11.3.1
crushftp  crushftp  9 – 10.8.4
crushftp  crushftp  9.0.0 – 11.3.1