CVE-2025-32440

Critical CVSS: 10.0

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14.

Vendor

Netalertx

Product

Netalertx

CWE

CWE-306

Yayın Tarihi

2025-05-27 22:15:21

Güncelleme

2025-07-11 18:58:26

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-306 Netalertx CRITICAL Netalertx 2025

Referanslar

https://github.com/jokob-sk/NetAlertX/releases/tag/v25.4.14 https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx

Benzer Kayıtlar

Critical

CVE-2025-48952

NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentic…

Critical

CVE-2024-46506

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because fun…

High

CVE-2024-48766

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and…