[CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)  – Full Disclosure

Posted by Rafael Pedrero on Apr 13

<!–
# Exploit Title: Server-Side Request Forgery (SSRF) in CrushFTP 10.7.1 and
11.1.0 (as well as legacy 9.x)
# Date: 2024-10-20
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.crushftp.com/
# Software Link: https://www.crushftp.com/download/
# Version: CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1
# Tested on: all
# CVE : CVE-2025-32102
# Vulnerability: CWE-918
# Category: webapps

1. Description

CrushFTP 9.x…
 – Read More  – Full Disclosure