EUVD-2025-10974

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

CrushFTP 9.x to 10.8.4 and 11.x to 11.3.1 allows directory traversal to read files via SMB.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the web interface of the cross-platform FTP server CrushFTP allows a hacker to gain unauthorized access to arbitrary directories and files.	16 Apr 202500:00	–	bdu_fstec
Circl	CVE-2025-32103	13 Apr 202518:31	–	circl
CNNVD	CrushFTP 安全漏洞	15 Apr 202500:00	–	cnnvd
CVE	CVE-2025-32103	15 Apr 202500:00	–	cve
Cvelist	CVE-2025-32103	15 Apr 202500:00	–	cvelist
NVD	CVE-2025-32103	15 Apr 202513:15	–	nvd
Packet Storm	📄 CrushFTP 9.x / 10.8.4 / 11.3.1 Server-Side Request Forgery / Directory Traversal	14 Apr 202500:00	–	packetstorm
Positive Technologies	PT-2025-16194 · Crushftp · Crushftp	4 Apr 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-32103	17 Apr 202502:20	–	redhatcve
Vulnrichment	CVE-2025-32103	15 Apr 202500:00	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "33ccf630-787c-33f2-81c9-2f3cbf78c859",
        "vendor": {
          "name": "CrushFTP"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "52b43806-9353-3833-b4df-fd8748b1215d",
        "product": {
          "name": "CrushFTP"
        },
        "product_version": "9 ≤10.8.4"
      },
      {
        "id": "5fed504c-fa05-3a82-a143-4206a9d12f6a",
        "product": {
          "name": "CrushFTP"
        },
        "product_version": "11 ≤11.3.1"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-32103
packetstorm	www.packetstorm.news/files/id/190460
seclists	www.seclists.org/fulldisclosure/2025/Apr/17
crushftp	www.crushftp.com/
crushftp	www.crushftp.com/
packetstorm	www.packetstorm.news/files/id/190460/

03 Oct 2025 20:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.15

EPSS0.00391

SSVC