CrushFTP 11.3.1

CPE Details

CrushFTP 11.3.1
crushftp
crushftp
11.3.1
2025-04-08
17h17 +00:00
2025-04-08
17h17 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:crushftp:crushftp:11.3.1:*:*:*:*:*:*:*

Informations

Vendor

crushftp

Product

crushftp

Version

11.3.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-32102 2025-04-15 00h00 +00:00 CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.
5
Medium
CVE-2025-32103 2025-04-15 00h00 +00:00 CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.
5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.