Raspap Webgui

2 CVEs product

CVE-2025-50428 CRITICAL POC PATCH Act Now

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.

Command Injection PHP Raspap Webgui
NVD GitHub
CVSS 3.1: 9.8
EPSS: 1.8%

CVE-2025-44163 MEDIUM POC PATCH This Month

RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable by the web server via abuse of the `tee` command used in shell execution.

PHP Path Traversal Raspap Webgui
NVD GitHub
CVSS 3.1: 6.3
EPSS: 0.1%