Skip to main content
CVE-2026-25069 CRITICAL POC Act Now

Unauthenticated arbitrary file read and delete in SunFounder's Pironman Dashboard (pm_dashboard) 1.3.13 and earlier lets remote attackers abuse a path-traversal flaw in the log-file API to exfiltrate sensitive files and destroy critical system files. The dashboard runs on Raspberry Pi power/cooling hardware, so a successful attack can disclose configuration/secrets and cause data loss or denial of service. Publicly available exploit code exists; no active exploitation is confirmed, and EPSS remains low (0.20%).

Denial Of Service Path Traversal
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy