PT-2025-28901 · White Star · Protop

Stslayer

Published

2025-07-09

Updated

2025-07-21

CVE-2025-44177

Report an issue

CVSS v3.1

8.2

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

**Name of the Vulnerable Software and Affected Versions:**

White Star Software Protop version 4.4.2-2024-11-27

**Description:**

A directory traversal issue exists in White Star Software Protop version 4.4.2-2024-11-27. An unauthenticated attacker can remotely read arbitrary files on the underlying operating system by utilizing encoded traversal sequences through the `/pt3upd/` endpoint.

**Recommendations:**

Update to a newer version that contains a fix for this issue. As a temporary workaround, restrict access to the `/pt3upd/` endpoint.

Exploit

Fix

Path traversal

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2025-44177

Affected Products

Protop

PT-2025-28901 · White Star · Protop

Weakness Enumeration

Related Identifiers

Affected Products

References · 10