CVE-2025-40629 | THREATINT

Description

PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sensitive files outside the intended directory.

PUBLISHED Reserved 2025-04-16 | Published 2025-05-16 | Updated 2025-05-16 | Assigner INCIBE

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

4.2.10

affected

Credits

Reza Rashidi finder

References

www.incibe.es/.../aviso/path-traversal-vulnerability-pnetlab

cve.org (CVE-2025-40629)

nvd.nist.gov (CVE-2025-40629)

Download JSON