
CVE-2025-32355 Scanner

CVE-2025-32355 Scanner - Server-Side Request Forgery (SSRF) vulnerability in Rocket TRUfusion Enterprise

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 20 days 18 hours
Scan only one: Domain, Subdomain, IPv4


Rocket TRUfusion Enterprise is a software product used primarily by enterprises for secure file collaboration and sharing, facilitating seamless data exchange across different departments or organizations. It is utilized in industries that require rigorous file exchange processes like automotive, aerospace, and manufacturing, meeting compliance and data security needs. TRUfusion Enterprise is crucial in maintaining workflows by enabling integration with various enterprise systems. Its deployment is typically managed by IT administrators within an organization to ensure controlled access to data. The software aims to enhance efficiency in handling large volumes of documentation and proprietary information securely. However, this vital role underscores the importance of addressing any vulnerabilities to ensure the continuity and safety of operations it supports.

A Server-Side Request Forgery (SSRF) vulnerability lets an attacker make the server send requests it was never meant to send. In Rocket TRUfusion Enterprise, the issue arises from how incoming HTTP requests are handled by a misconfigured reverse proxy: the proxy accepts absolute URLs in the HTTP request line, so it fetches whatever resource the attacker names there. Such flaws are critical because they can be used to reach internal resources, bypass security controls, and potentially disclose information. SSRF vulnerabilities can serve as entry points for deeper network intrusion or as pivots within a compromised system. Understanding this vulnerability is essential for preventing disruption of sensitive operations and maintaining data integrity.

Technically, the SSRF in Rocket TRUfusion Enterprise stems from a reverse proxy that incorrectly processes the URL in incoming HTTP request lines. Attackers exploit it by sending specially crafted requests that carry absolute URLs, tricking the proxy into fetching resources it was never intended to reach. These requests commonly target local or internal networks that are otherwise inaccessible from outside. The flaw lets attackers interact with those internal environments through the affected server, making it a vector for further exploration of the attack surface. Identifying the endpoint and parameter involved supports an in-depth assessment of exploitation risk and of how the reverse proxy can be misused to manipulate server-side requests.
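The request-line handling behind this weakness, shown as an added defender-side example (not S4E's scanner code and not Rocket's software): the script classifies HTTP/1.1 request targets and flags absolute-form targets naming a host the proxy does not serve, plus CONNECT (authority-form) targets, which a reverse proxy serving only its own hostnames should refuse. The sample request lines and the served-host set are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample of access-log request lines (not real TRUfusion logs).
SAMPLE_REQUEST_LINES = [
    "GET /trufusion/login HTTP/1.1",
    "POST /api/upload HTTP/1.1",
    "GET http://files.example.com/trufusion/login HTTP/1.1",
    "GET http://10.0.0.5/status HTTP/1.1",
    "GET http://localhost:8080/ HTTP/1.1",
    "CONNECT internal-db:5432 HTTP/1.1",
    "OPTIONS * HTTP/1.1",
]

# Hostnames this reverse proxy legitimately serves (assumed; set to your vhosts).
SERVED_HOSTS = {"files.example.com"}


def classify_request_target(request_line):
    """Return (form, host) for an HTTP/1.1 request line.

    form: 'origin', 'absolute', 'authority', 'asterisk' or 'malformed'
    host: the authority a proxy would connect to (absolute/authority form only)
    """
    parts = request_line.split(" ")
    if len(parts) != 3:
        return "malformed", None
    method, target, _version = parts
    if target == "*":
        return "asterisk", None
    if target.startswith("/"):
        return "origin", None          # normal request to this server
    if method == "CONNECT":
        return "authority", target.split(":")[0]
    split = urlsplit(target)
    if split.scheme in ("http", "https") and split.hostname:
        return "absolute", split.hostname.lower()
    return "malformed", None


def find_suspicious_request_lines(lines, served_hosts=SERVED_HOSTS):
    """Flag lines a correctly configured reverse proxy should reject."""
    flagged = []
    for line in lines:
        form, host = classify_request_target(line)
        # Absolute-form for a foreign host or any CONNECT tunnel = proxy abuse attempt.
        if form == "authority" or (form == "absolute" and host not in served_hosts):
            flagged.append((line, form, host))
    return flagged
```

Run it over real access logs by feeding the request-line field of each entry; absolute-form lines for the proxy's own hostnames are legitimate and are not flagged.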

Exploiting the SSRF vulnerability can have severe consequences, including unauthorized access to sensitive data and network resources. Attackers can leverage this flaw to launch further network attacks, extract confidential information, or even achieve remote code execution by reaching internal APIs or services. The vulnerability is a direct threat to the confidentiality, integrity, and availability of enterprise systems. Successful exploitation may disrupt business continuity, lead to data breaches, and erode the trust of clients and partners. Continued exploitation can widen the attack surface by mapping internal infrastructure for subsequent, more focused attacks.
