CVE-2025-44177

CVSS 8.2 HIGHEPSS 4.2%CWE-22

Vexday Risk Score

56Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.2EPSS 4.2%KEV nãoPoC públicaNuclei simMetasploit —Patch —

Lifecycle

09 Jul 2025Published on NVD

16 Jul 2025Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/52367unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/stSLAYER/4a2ecfbab1215a0be0dde59c4ac0122d https://protop.com