Path Traversal vulnerability in PNETLab

Posted date 16/05/2025
Identifier
INCIBE-2025-0246
Importance
4 - High
Affected Resources

PNETLab v4.2.10.

Description

INCIBE has coordinated the publication of a high-severity vulnerability affecting PNETLab version 4.2.10, a tool for creating, sharing and practicing multi-vendor networking labs. This vulnerability was discovered by Reza Rashidi from Hazard Lab.

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-40629: CVSS v4.0: 8.7 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-22

Solution

There is no reported solution at this time.

Detail

CVE-2025-40629: the application PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sensitive files outside the intended directory.
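
With no fix reported, one way to watch for this class of request is to scan the web server's access log for `..` path segments, including percent-encoded and double-encoded forms. The following is an added example, not code from INCIBE or PNETLab; it assumes combined-format access logs, and the endpoint, parameter name and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Start of a combined-log-format line: ip, ident, user, [time], "METHOD target PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3})')
# ".." standing alone as a segment, delimited by / \ = & ? or the string boundary.
DOTDOT_RE = re.compile(r'(^|[/\\=&?])\.\.([/\\&]|$)')
MAX_DECODE_ROUNDS = 3  # enough to unwrap double- and triple-encoded input


def fully_decode(target):
    """Percent-decode repeatedly until the string stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_traversal(lines):
    """Return (client_ip, status, raw_target) for requests carrying a '..' segment."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        ip, _method, target, status = m.groups()
        if DOTDOT_RE.search(fully_decode(target)):
            hits.append((ip, int(status), target))
    return hits


# Constructed sample lines; "/files/get" and "name" are hypothetical, not PNETLab routes.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/May/2025:10:00:01 +0000] "GET /files/get?name=lab1.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/May/2025:10:00:05 +0000] "GET /files/get?name=../../etc/hostname HTTP/1.1" 200 64',
    '203.0.113.9 - - [16/May/2025:10:01:12 +0000] "GET /files/get?name=%252e%252e%252fetc%252fhostname HTTP/1.1" 404 0',
    '203.0.113.9 - - [16/May/2025:10:02:30 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, status, target in find_traversal(SAMPLE_LOG):
        # A 2xx status on a flagged request deserves attention first.
        print(ip, status, target)
```

Hits that returned a 2xx status are the ones to triage first, since they indicate the server answered the request rather than rejecting it.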
