CVE-2025-11195
Rapid7 AppSpider Project Name Validation Bypass
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project names when editing them outside the application in affected versions. This vulnerability was remediated in version 7.5.021 of the product.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products
Rapid7 · AppSpider ProWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →