CVE-2025-32440

Name of the Vulnerable Software and Affected Versions NetAlertX version 25.4.13 and earlier

Description NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to "/index.php".

Recommendations For versions prior to 25.4.14, update to version 25.4.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/index.php" endpoint to minimize the risk of exploitation. Additionally, avoid using sensitive functions within util.php until the issue is resolved.