CVE-2025-34126
RIPS Scanner v0.54 Path Traversal
Vexday Risk Score
36 Attention
SSVC Decision (CISA)
Attend
PoC available → monitor closely
CVSS 8.7 | EPSS 1.5% | KEV no | PoC — | Nuclei — | Metasploit yes | Patch —
Lifecycle
16 Jul 2025: Published in NVD
Recommendation: Plan remediation soon; a public PoC already exists.
A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This can lead to disclosure of sensitive information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
RIPS Technologies · RIPS Scanner
References
https://codesec.blogspot.com/2015/03/rips-scanner-v-054-local-file-include.html
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/rips_traversal.rb
https://rips-scanner.sourceforge.net/
https://www.exploit-db.com/exploits/18660
https://www.vulncheck.com/advisories/rips-scanner-path-traversal