vulnerability

CrushFTP: CVE-2025-32103: Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:P/A:N)	Apr 15, 2025	Apr 15, 2025	Nov 13, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Apr 15, 2025

Added

Apr 15, 2025

Modified

Nov 13, 2025

Description

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.

Solution

crushftp-crushftp-upgrade-latest

References

CWE-40
CWE-22
CVE-2025-32103
https://attackerkb.com/topics/CVE-2025-32103
URL-https://packetstorm.news/files/id/190460/
URL-https://seclists.org/fulldisclosure/2025/Apr/17
URL-https://www.crushftp.com/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today