CVE-2025-32103 | CrushFTP up to 10.7.1/10.8.4/11.1.0/11.3.1 UNC Share Pathname /WebInterface/function/ path traversal
A vulnerability was found in CrushFTP up to 10.7.1/10.8.4/11.1.0/11.3.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /WebInterface/function/ of the component UNC Share Pathname Handler. The manipulation leads to path traversal: '\unc\share\name\' (windows unc share).
This vulnerability is handled as CVE-2025-32103. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.