← back
CVE-2025-40629

Path Traversal vulnerability in PNETLab

CVSS 8.7 HIGHEPSS 0.8%CWE-22
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.7EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sensitive files outside the intended directory.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
PNETLab · PNETLab