PT-2025-21644 · Pnetlab · Pnetlab
Reza Rashidi · Published 2025-05-16 · Updated 2025-05-16 · CVE-2025-40629
CVSS v4.0: 8.7 High
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
PNETLab version 4.2.10
Description:
The issue arises from the application's failure to properly sanitize user inputs in its file access mechanisms, allowing attackers to perform directory traversal by manipulating file paths in HTTP requests. This enables access to sensitive files outside the intended directory.
Recommendations:
For PNETLab version 4.2.10, consider implementing proper input sanitization for file access mechanisms to prevent directory traversal attacks. As a temporary workaround, restrict access to sensitive files and directories to minimize the risk of exploitation.
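As an added illustration of the recommendation above (not PNETLab's code and not taken from this advisory), the Python sketch below contrasts a string-stripping filter with a canonicalize-then-contain check for a file access handler. The base directory, function names and sample paths are assumptions constructed for the example.

```python
from pathlib import Path
from urllib.parse import unquote

# Assumed directory the handler is allowed to serve from (hypothetical path).
BASE_DIR = Path("/srv/app/files")


def naive_sanitize(user_path: str) -> str:
    """Weak filter: a single pass that strips '../' from the input.

    The characters left behind can join up into a new '../' sequence,
    so the output is not guaranteed to be traversal-free.
    """
    return user_path.replace("../", "")


def resolve_inside(base: Path, user_path: str) -> Path:
    """Return the canonical target path, or raise ValueError if it leaves base.

    The decision is made on the fully resolved path (after '..' and symlinks
    are collapsed), not on the text of the request.
    """
    decoded = unquote(user_path)  # decode once, as the web layer would
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    base_real = base.resolve()
    # Treat a leading '/' as relative to base instead of the filesystem root.
    target = (base_real / decoded.lstrip("/")).resolve()
    try:
        target.relative_to(base_real)
    except ValueError:
        raise ValueError("path escapes base directory") from None
    return target


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("reports/a.txt", "../../etc/passwd",
                   "%2e%2e%2f%2e%2e%2fetc/passwd", "....//....//etc/passwd"):
        try:
            print(sample, "->", resolve_inside(BASE_DIR, sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```

The containment check complements, and does not replace, the advisory's workaround of restricting file system permissions on sensitive files.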
Fix
Path traversal
Affected Products
Pnetlab