CVE-2025-32355
Published 2026-02-17
Priority: P275, high, CVSS 3.1 score 7.3
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploit in the wild; VulnCheck KEV
Exploited in the wild
EPSS: 1.25% (65.7th percentile)
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rocketsoftware | trufusion_enterprise | < 7.10.5.0 | 7.10.5.0 |
Detection & IOCs (extracted from sources)
- Detect SSRF exploitation attempts by monitoring HTTP requests where the request line contains an absolute URL (e.g., GET http://...) targeting internal addresses, particularly to port 8080 and path /axis2/services/listServices.
- Successful SSRF exploitation returns a response body containing 'Available services' or 'Service Description', indicating the Axis2 service listing was exposed via the misconfigured proxy.
- Use the Shodan dork html:"TRUfusion Enterprise" to identify exposed instances of Rocket TRUfusion Enterprise for proactive asset discovery.
- The vulnerability requires the 'unsafe: true' flag in HTTP request handling, meaning the raw absolute-URL request line must be forwarded as-is to the proxy — look for proxy access logs showing absolute URLs in GET request lines.
- The SSRF is triggered by specifying absolute URLs in the HTTP request line (not a header), which requires a raw/unsafe HTTP client that does not normalize the request. Standard HTTP libraries may rewrite the request line, preventing exploitation.
- The internal SSRF target used in the PoC is 127.0.0.1:8080 (Axis2), but the misconfiguration allows arbitrary absolute URLs — detection rules should not be limited to this single target.
- This vulnerability affects Rocket TRUfusion Enterprise through version 7.10.4.0 only; later versions with proxy configuration fixes are not affected.
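One way to turn the first, fourth and sixth detection items above into log-scanning logic, as an added example that is not part of this tracker page or of any vendor tooling. It assumes the proxy writes Common Log Format access lines; the sample lines are constructed, and it flags any absolute-URL request line, scoring loopback, private and link-local targets higher rather than matching only the 127.0.0.1:8080 Axis2 target.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed proxy access log lines (Common Log Format); not from any real system.
SAMPLE_LOG = """\
203.0.113.10 - - [17/Feb/2026:10:01:02 +0000] "GET /trufusion/login HTTP/1.1" 200 5120
203.0.113.10 - - [17/Feb/2026:10:01:05 +0000] "GET http://127.0.0.1:8080/axis2/services/listServices HTTP/1.1" 200 2048
198.51.100.7 - - [17/Feb/2026:10:02:11 +0000] "GET http://10.0.0.5/admin HTTP/1.1" 200 771
198.51.100.7 - - [17/Feb/2026:10:02:15 +0000] "GET http://example.com/ HTTP/1.1" 200 1256
"""

# Captures the client address and the quoted request line of one CLF entry.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def is_internal_host(host):
    """True for 'localhost' and loopback/private/link-local IP literals.
    Hostnames are not resolved here, so a DNS name pointing inward is treated as external."""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def scan_log(text):
    """Return one finding per request line whose target is an absolute URL (absolute-form)."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        parts = urlsplit(target)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            continue  # origin-form request line (a plain path): the normal case
        internal = is_internal_host(parts.hostname or "")
        findings.append({
            "client": m.group("client"),
            "url": target,
            "internal_target": internal,
            # The PoC path from the sources; other internal targets are still flagged.
            "axis2_listing": internal and parts.path.startswith("/axis2/services/listServices"),
            "severity": "high" if internal else "medium",
        })
    return findings
```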
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| NVD | 4.0 | 7.9 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| VulnCheck | | 7.9 | HIGH | |
GHSA
GHSA-hf4g-rr9m-7fx6: Rocket TRUfusion Enterprise through 7
ghsa_unreviewed · 2026-02-17 · CVE-2025-32355 · HIGH · CWE-918
VulnCheck
rocketsoftware trufusion_enterprise Server-Side Request Forgery (SSRF)
vulncheck · 2025 · CVE-2025-32355 · HIGH · CVSS 7.9
Affected: Rocket Software TRUfusion Enterprise
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://tracker.crowdsec.net/cves/CVE-2025-32355
No detection rules found.
Nuclei
Rocket TRUfusion Enterprise - Server Side Request Forgery
nuclei · CVE-2025-32355 · HIGH · CVSS 7.9
Template:
```yaml
id: CVE-2025-32355

info:
  name: Rocket TRUfusion Enterprise - Server Side Request Forgery
  author: princechaddha,rcesecurity,DhiyaneshDk
  severity: high
  description: |
    Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.
  impact: |
    Attackers can make the proxy load arbitrary resou
```
No writeups or analysis indexed.