RaspAP · CVE-2020-24572
**Name of the Vulnerable Software and Affected Versions**
RaspAP version 2.5
**Description**
An issue in the `includes/webconsole.php` file allows an attacker with authenticated access to exploit a misconfigured web console. This can lead to attacks on the underlying OS, which is typically a Raspberry Pi system running this software. Exploitation can result in the execution of system commands, including commands for uploading files and executing code.
**Recommendations**
For RaspAP version 2.5, consider restricting access to the web console and limiting the execution of system commands to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the web console until a patch or configuration fix is available.
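
To check whether the web console is still being reached once access has been restricted, the added example below (not RaspAP code) scans web server access log lines for requests to the console. It assumes Combined Log Format and that the console is served at `/includes/webconsole.php`; the function names and the sample lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: the console URL path mirrors the file named in the advisory.
CONSOLE_PATH = "/includes/webconsole.php"

# Assumption: Combined Log Format -> host ident user [time] "METHOD target proto" status ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Drop the query string, decode %xx escapes, collapse ./, ../ and // segments."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def console_requests(lines):
    """Yield (host, user, method, status) for each request aimed at the console path."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        path = normalize(m["target"])
        if path == CONSOLE_PATH or path.startswith(CONSOLE_PATH + "/"):
            yield m["host"], m["user"], m["method"], int(m["status"])

def summarize(lines):
    """Per client: console requests served (2xx) vs refused (any other status), plus users seen."""
    out = defaultdict(lambda: {"served": 0, "refused": 0, "users": set()})
    for host, user, _method, status in console_requests(lines):
        out[host]["served" if 200 <= status < 300 else "refused"] += 1
        if user != "-":
            out[host]["users"].add(user)
    return dict(out)

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Sep/2020:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - admin [01/Sep/2020:10:00:05 +0000] "POST /includes/webconsole.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - admin [01/Sep/2020:10:02:11 +0000] "POST /includes/%77ebconsole.php?x=1 HTTP/1.1" 200 298 "-" "curl/7.68.0"',
    '198.51.100.7 - - [01/Sep/2020:11:30:42 +0000] "POST /includes/webconsole.php HTTP/1.1" 403 345 "-" "curl/7.68.0"',
    'not an access log line',
]

if __name__ == "__main__":
    for host, s in sorted(summarize(SAMPLE_LOG).items()):
        print(f'{host}: served={s["served"]} refused={s["refused"]} users={sorted(s["users"])}')
```

Once the console has been restricted, a `served` count above zero for any client means the restriction is not taking effect for that client.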