Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
CrushFTP Server Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2025-32103 - Vulnerability Database
CrushFTP Server

CrushFTP Server Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2025-32103

Medium
Reference: CVE-2025-32103
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-32103
Title: CrushFTP Server Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames bypassing SecurityManager restrictions.