Vulnerability Description
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included `.js` file and restarting the container, this allows for Remote Code Execution as an administrator. The remote code execution occurs because any user with the `backups:create` and `backups:update` (only administrators by default) is able to overwrite any file on the system. Version 1.2.0 fixes the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pwndoc Project | Pwndoc | < 1.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/pwndoc/pwndoc/blob/14acb704891245bf1703ce6296d62112e85aa995/bProduct
- https://github.com/pwndoc/pwndoc/commit/98f284291d73d3a0b11d3181d845845c192d1080Patch
- https://github.com/pwndoc/pwndoc/releases/tag/v1.2.0Release Notes
- https://github.com/pwndoc/pwndoc/security/advisories/GHSA-mxw8-vgvx-89hxExploitVendor Advisory
- https://github.com/pwndoc/pwndoc/security/advisories/GHSA-mxw8-vgvx-89hxExploitVendor Advisory
FAQ
What is CVE-2025-27410?
CVE-2025-27410 is a vulnerability with a CVSS score of 6.5 (MEDIUM). PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite ...
How severe is CVE-2025-27410?
CVE-2025-27410 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-27410?
Check the references section above for vendor advisories and patch information. Affected products include: Pwndoc Project Pwndoc.