CVE-2025-40629

Published May 16, 2025

Last updated a month ago

Overview

Description: PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sensitive files outside the intended directory.
Source: cve-coordination@incibe.es
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.7
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

Weaknesses

cve-coordination@incibe.es: CWE-22

Hype score: Not currently trending

[CVE-2025-40629: HIGH] Vulnerable version of PNETLab allows attackers to perform directory traversal by manipulating file paths in HTTP requests due to lack of input sanitation. #cybersecurity#cve,CVE-2025-40629,#cybersecurity https://t.co/RW1xnuUvEx https://t.co/fsIEiCdaVs
@CveFindCom
16 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.