CVE-2025-32355 PoC — Rocket TRUfusion Enterprise 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-32355.yaml

Associated Vulnerability

Title:Rocket TRUfusion Enterprise 安全漏洞 (CVE-2025-32355)
Description:Rocket TRUfusion Enterprise是美国Rocket公司的一个产品生命周期管理平台。 Rocket TRUfusion Enterprise 7.10.4.0及之前版本存在安全漏洞，该漏洞源于反向代理配置不当，允许在HTTP请求行中指定绝对URL，导致代理加载给定资源。

Description

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.

File Snapshot


 id: CVE-2025-32355

info:
  name: Rocket TRUfusion Enterprise - Server Side Request Forgery
  author

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!