PT-2025-39395 · Rapid7 · Rapid7 Appspider Pro
Published: 2025-09-25 · Updated: 2025-09-25
CVE-2025-36857
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Rapid7 Appspider Pro versions prior to 7.5.021
Description
The application has a broken access control issue in how it loads configuration files. Standard users can add custom configuration files; because configuration files are loaded alphabetically, a user-added file can override the original settings, leading to a security issue. The cause is improper directory access management.
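As an added example (not Rapid7's code and not part of the original advisory), the following audit replays an alphabetical configuration load and reports any file missing from an administrator-recorded baseline, along with each setting it overrides. The `key=value` format, the `.cfg` extension, the case-insensitive sort, the baseline of SHA-256 digests, and the sample file names and settings are all assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_settings(text):
    """Parse key=value lines (assumed format); blank lines and '#' comments are skipped."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit_config_dir(config_dir, baseline):
    """Replay the alphabetical load and report files that do not match the baseline.

    baseline maps file name -> SHA-256 hex digest of the vendor-shipped file.
    Returns (effective_settings, findings).
    """
    effective, origin, findings = {}, {}, []
    # Assumed load order: file names sorted case-insensitively.
    for path in sorted(Path(config_dir).glob("*.cfg"), key=lambda p: p.name.lower()):
        data = path.read_bytes()
        trusted = baseline.get(path.name) == hashlib.sha256(data).hexdigest()
        if not trusted:
            kind = "modified-file" if path.name in baseline else "unexpected-file"
            findings.append((kind, path.name, None))
        for key, value in parse_settings(data.decode("utf-8", "replace")).items():
            # A later, untrusted file replacing an earlier value is the override to review.
            if not trusted and key in effective and effective[key] != value:
                findings.append(("override", path.name,
                                 f"{key}: {effective[key]} -> {value} (set by {origin[key]})"))
            effective[key], origin[key] = value, path.name
    return effective, findings

def demo():
    """Build a constructed directory: one shipped file plus one file added later."""
    shipped = b"# constructed sample\ntimeout=30\nproxy=none\n"
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "default.cfg").write_bytes(shipped)
        Path(tmp, "zz-local.cfg").write_bytes(b"timeout=5\n")
        baseline = {"default.cfg": hashlib.sha256(shipped).hexdigest()}
        return audit_config_dir(tmp, baseline)

if __name__ == "__main__":
    settings, findings = demo()
    print(settings)
    for finding in findings:
        print(finding)
```

Run against a real installation, the baseline would be recorded from a known-good install of the fixed version, and any finding is a file to review and a directory ACL to tighten.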
Recommendations
Update to version 7.5.021 or later.
Fix
Incorrect Default Permissions
Affected Products
Rapid7 Appspider Pro