Vulnerability DatabaseCVE-2025-27410
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-27410
February 28, 2025
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included ".js" file and restarting the container, this allows for Remote Code Execution as an administrator. The remote code execution occurs because any user with the "backups:create" and "backups:update" (only administrators by default) is able to overwrite any file on the system. Version 1.2.0 fixes the issue.
Related ResourcesĀ (4)
https://github.com/pwndoc/pwndoc/security/advisories/GHSA-mxw8-vgvx-89hx
https://github.com/pwndoc/pwndoc/commit/98f284291d73d3a0b11d3181d845845c192d1080
https://github.com/pwndoc/pwndoc/releases/tag/v1.2.0
https://github.com/pwndoc/pwndoc/blob/14acb704891245bf1703ce6296d62112e85aa995/backend/src/routes/backup.js#L527
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.5
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE
Weakness Type (CWE)
Relative Path Traversal
CWE-23
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22
EPSS
Base Score:
21.64