CVE-2025-32440

Published May 27, 2025

Last updated 6 days ago

CVSS critical 10.0

Overview

Description: NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14.
Source: security-advisories@github.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security-advisories@github.com: CWE-306

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netalertx:netalertx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "391ABCBA-1560-483B-B31A-3C66EF44D8D4",
            "versionEndExcluding": "25.4.14"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.