PT-2025-40014 · Rapid7 · Appspider Pro
Published: 2025-09-30 · Updated: 2025-09-30 · CVE-2025-11195
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Rapid7 AppSpider Pro versions prior to 7.5.021
Description
Rapid7 AppSpider Pro versions below 7.5.021 have a project name validation issue: project name uniqueness is not sufficiently verified when a project is edited outside the application. An attacker can therefore edit the configuration file directly and change a project's name to one that already exists.
Recommendations
Update to version 7.5.021 or later.
Fix
Insufficient Verification of Data Authenticity
RCE
Affected Products
Appspider Pro