Home > Vulnerability Database > CVE-2025-44163

Mend.io Vulnerability Database

CVE-2025-44163

Good to know:

Date: June 26, 2025

RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the "entity" parameter to overwrite arbitrary files writable by the web server via abuse of the "tee" command used in shell execution.

Severity Score

6.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-44163

Url: https://github.com/RaspAP/raspap-webgui/commit/eb53c46c336384d78336b021adea94d9257e1d67

Url: https://github.com/RaspAP/raspap-webgui/blob/125ae7a39ad7c9a71250d3b3e349fd767687ff8d/ajax/networking/get_wgkey.php#L9

Url: https://github.com/RaspAP/raspap-webgui

Url: https://gist.github.com/YichaoXu/3694f039a3d1b973efd068e4dc662a41

Url: https://www.mend.io/vulnerability-database/CVE-2025-44163

Severity Score

6.3

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Relative Path Traversal

CWE-23

Top Fix

Upgrade Version

Upgrade to version https://github.com/RaspAP/raspap-webgui.git - 3.3.6

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-44163

Good to know:

Date: June 26, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?