PT-2025-28901 · White Star · Protop
Stslayer · Published 2025-07-09 · Updated 2025-07-21
CVE-2025-44177
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
White Star Software Protop version 4.4.2-2024-11-27
Description:
A directory traversal issue exists in White Star Software Protop version 4.4.2-2024-11-27. An unauthenticated attacker can remotely read arbitrary files on the underlying operating system by sending encoded traversal sequences through the /pt3upd/ endpoint.
Recommendations:
Update to a newer version that contains a fix for this issue. As a temporary workaround, restrict access to the /pt3upd/ endpoint.
Exploit · Fix · Path traversal
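Added example, not part of the original advisory or of Protop's own code: a log check a defender could run to see whether the /pt3upd/ endpoint has received requests carrying traversal sequences. It percent-decodes each request target repeatedly and flags any parent-directory segment. The Common Log Format layout, the three decode rounds and the sample lines are assumptions; the advisory does not state which encoding is used.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/pt3upd/"    # endpoint named in the advisory
MAX_DECODE_ROUNDS = 3    # assumption: enough to unwrap double/triple encoding
# Assumption: Common Log Format, request quoted as "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines (not from a real system); file names are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jul/2025:10:00:01 +0000] "GET /pt3upd/ HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Jul/2025:10:00:05 +0000] "GET /pt3upd/%2e%2e%2f%2e%2e%2fexample.txt HTTP/1.1" 200 90',
    '203.0.113.9 - - [09/Jul/2025:10:00:06 +0000] "GET /pt3upd/%252e%252e%252fexample.txt HTTP/1.1" 200 90',
    '203.0.113.9 - - [09/Jul/2025:10:00:07 +0000] "GET /pt3upd/..%5c..%5cexample.txt HTTP/1.1" 404 0',
    '203.0.113.4 - - [09/Jul/2025:10:00:09 +0000] "GET /other/%2e%2e%2fexample.txt HTTP/1.1" 404 0',
    '203.0.113.4 - - [09/Jul/2025:10:00:11 +0000] "GET /pt3upd/file..name.txt HTTP/1.1" 200 33',
]

def fully_decode(target):
    """Percent-decode until stable so nested forms (%252e -> %2e -> .) surface."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    # Treat backslashes as path separators, as some servers do.
    return target.replace("\\", "/")

def is_traversal_attempt(target):
    """True when a request aimed at ENDPOINT carries a '..' path segment."""
    decoded = fully_decode(target)
    if ENDPOINT not in decoded.lower():
        return False
    # Split on path and query delimiters; a bare '..' segment is the signal.
    return ".." in re.split(r"[/?&=]", decoded)

def scan(lines):
    """Return 1-based numbers of log lines that look like traversal attempts."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_traversal_attempt(match.group(1)):
            hits.append(number)
    return hits

if __name__ == "__main__":
    for number in scan(SAMPLE_LOG):
        print(f"line {number}: {SAMPLE_LOG[number - 1]}")
```

A 200 response on a flagged line is worth prioritising during triage, since it may mean file content was returned.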
Affected Products
Protop