High severity7.3NVD Advisory· Published Feb 17, 2026· Updated Apr 3, 2026
CVE-2025-32355
CVE-2025-32355
Description
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:rocketsoftware:trufusion_enterprise:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:rocketsoftware:trufusion_enterprise:*:*:*:*:*:*:*:*range: <7.10.5.0
- (no CPE)range: <=7.10.4.0
Patches
Vulnerability mechanics
References
3- www.rcesecurity.com/advisories/cve-2025-32355/nvdExploitThird Party Advisory
- www.rcesecurity.comnvdNot Applicable
- www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprisenvdProduct
News mentions
0No linked articles in our index yet.