Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.9
Rocket TRUfusion Enterprise allows loading malicious URLs through proxy
CVE-2025-32355
Summary
An attacker could potentially load malicious content from the internet by specifying a full URL in a request. This could lead to security issues if the loaded content is executed or accessed. Rocket TRUfusion users should update to a fixed version to mitigate this risk.
Original title
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP reque...
Original description
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 17 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026