CRITICAL🇵🇱 Wersja polska

CVE-2025-54347

CVSS 9.9v3.1pub. 2025-11-24upd. 2025-12-05

A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain conditions.

🤖 AI Analysis
How it works

The vulnerability results from improper file path validation on the application server side. An attacker with basic account access (low privileges) can craft a network request containing path traversal sequences (e.g., '../'), which allow escaping the allowed directory and writing files anywhere in the server file system. The attack vector is network-based, requires no user interaction or complex prerequisites, and the consequences extend beyond the application's own context (S:C — scope change).

Impact

An attacker can write arbitrary files to the server file system, which in practice can lead to server takeover, such as by placing malicious executable code, overwriting configuration files, or obtaining persistent access (backdoor). The vulnerability threatens the confidentiality, integrity, and availability of the system at a critical level.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references (https://desktopalert.net/cve-2025-54347/). Until the fix is implemented, it is recommended to restrict network access to the PingAlert application server exclusively to trusted hosts and to strengthen monitoring of unauthorized file write operations on the server.

Who is affected

Desktop Alert PingAlert Application Server in versions from 6.1.0.11 to 6.1.1.2 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Desktopalert Pingalert Application Server

    APP
    Desktopalert
    6.1.0.11 – 6.1.1.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2025-54343CRITICAL9.6PL ✓ten sam produkt

Nieprawidłowa kontrola dostępu w Desktop Alert PingAlert — privilege escalation

CVE-2025-54339CRITICAL10.0PL ✓ten sam produkt

Błędna kontrola dostępu w Desktop Alert PingAlert — privilege escalation przez sieć

CVE-2025-54338HIGH7.5ten sam produkt

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert versi...

CVE-2025-54563HIGH7.5ten sam produkt

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert versi...

CVE-2025-54345HIGH7.5ten sam produkt

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Sensitive...