CVE-2025-27413

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 28, 2025
Updated: Mar 4, 2025
CWE ID 22

Summary

CVE-2025-27413 is a vulnerability affecting the PwnDoc penetration testing reporting application. Prior to version 1.2.0, the backup restore functionality, which allows administrators to import raw data into the database, is vulnerable to Path Traversal attacks. This issue poses a risk to the template update functionality, which uses the path from the database to write content, potentially overwriting source code. An administrator with the `backups:create`, `backups:update`, and `templates:update` permissions can exploit this vulnerability to execute arbitrary code remotely. Version 1.2.0 of PwnDoc addresses this issue by fixing the path handling in the backup restore functionality.
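The class of check that closes this kind of gap, as an added example (not PwnDoc's code or its actual fix): a Node.js containment test that a template file path taken from restored data must pass before it is used as a write target. The directory, record shape and function names are assumptions made for illustration.

```javascript
const path = require("path");

// Hypothetical template directory; not PwnDoc's actual layout.
const TEMPLATE_DIR = "/srv/app/report-templates";

// Resolve a stored file name against baseDir and return the absolute path
// only if it stays strictly inside baseDir. Throws otherwise.
function resolveInside(baseDir, storedName) {
  if (typeof storedName !== "string" || storedName === "" || storedName.includes("\0")) {
    throw new Error("invalid template path");
  }
  const base = path.resolve(baseDir);
  const target = path.resolve(base, storedName); // an absolute storedName replaces base
  const rel = path.relative(base, target);
  // Compare path segments, not string prefixes, so "..draft.docx" is allowed
  // while "../x" and sibling directories sharing a name prefix are rejected.
  const escapes = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (rel === "" || escapes) {
    throw new Error("template path escapes template directory");
  }
  return target;
}

// Split restored records (constructed shape: { name, filePath }) into those
// safe to import and those to reject, so rejections can be logged.
function auditRestoredTemplates(records, baseDir = TEMPLATE_DIR) {
  const accepted = [];
  const rejected = [];
  for (const rec of records) {
    try {
      accepted.push({ ...rec, resolved: resolveInside(baseDir, rec.filePath) });
    } catch (err) {
      rejected.push({ name: rec.name, filePath: rec.filePath, reason: err.message });
    }
  }
  return { accepted, rejected };
}

// Constructed sample records standing in for the contents of a restored backup.
const SAMPLE_RECORDS = [
  { name: "Default", filePath: "default.docx" },
  { name: "Nested", filePath: "clients/acme.docx" },
  { name: "Dotted name", filePath: "..draft.docx" },
  { name: "Relative escape", filePath: "../src/app.js" },
  { name: "Absolute path", filePath: "/etc/cron.d/job" },
  { name: "Sibling prefix", filePath: "../report-templates-old/x.docx" },
];

console.log(auditRestoredTemplates(SAMPLE_RECORDS).rejected);
```

The check is lexical only; where the template directory may contain symlinks, compare `fs.realpathSync` results as well. Apply it both when records are imported and again at write time, since the database is the untrusted input here.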
