VYPR
High severity7.3NVD Advisory· Published Feb 17, 2026· Updated Apr 3, 2026

CVE-2025-32355

CVE-2025-32355

Description

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:rocketsoftware:trufusion_enterprise:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:rocketsoftware:trufusion_enterprise:*:*:*:*:*:*:*:*range: <7.10.5.0
    • (no CPE)range: <=7.10.4.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.