CVE-2025-44163

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-44163

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-44163.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-44163

Aliases

GHSA-277f-37gw-9gmq

Published

2025-06-27T14:15:37.417Z

Modified

2026-04-10T05:27:09.956220Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command used in shell execution.

References

Affected packages

Git / github.com/raspap/raspap-webgui

Affected ranges

Type

GIT

Repo

https://github.com/raspap/raspap-webgui

Events

Introduced

Last affected

168ed2448f4335eb3bdf7b5ef572b209733302de

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.3.1"
        }
    ]
}

Affected versions

1.*

1.0

1.3.1

1.4.0

1.4.1

1.5

1.5.1

1.6

1.6.1

1.6.2

2.*

2.0

2.2

2.3

2.3.1

2.4

2.4-beta

2.4.1

2.5

2.5.1

2.5.2

2.6

2.6-beta

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.7.0

2.7.1

2.8.0

2.8.1

2.8.2

2.8.3

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

3.*

3.0

3.0-beta

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.3.0

3.3.1

v1.*

v1.0

v1.1

v1.2.0

v1.2.1

v1.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-44163.json"