CVE-2023-25804
Published 2023-03-15
Priority P4 · 26 · medium · CVSS 3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.76% (50.7th percentile)
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the `/tmp` folder using a payload `../../../../../tmp/test111_dev`. This issue has been fixed in version 6.3.5.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hap-wi | roxy-wi | < 6.3.5.0 | 6.3.5.0 |
| roxy-wi | roxy-wi | < 6.3.5.0 | 6.3.5.0 |
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-22265 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-22265: Roxy-WI vulnerability analysis and mitigation
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, a command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in `app/modules/roxywi/logs.py` line 87, where the `grep` parameter is used twice: once sanitized and once raw. This vulnerability is fixed in 8.2.8.2.
Source: NVD

| Field | Value |
|---|---|
| Score | 7.5 |
| Published | January 15, 2026 |
| Severity | HIGH |
| CNA Score | 7.5 |
| Affected Technologies | Roxy-WI |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 38.9 |
| Exploitation Probability (EPSS) | 0.2 |
Affected
Wiz
CVE-2026-27811 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-27811: Roxy-WI vulnerability analysis and mitigation
/config/compare///show
app/modules/config/config.py
Source: NVD

| Field | Value |
|---|---|
| Score | 8.8 |
| Published | March 18, 2026 |
| Severity | HIGH |
| CNA Score | 8.8 |
| Affected Technologies | Roxy-WI |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 77.4 |
| Exploitation Probability (EPSS) | 1 |
Affected packages and libraries
cpe:2.3:a:roxy-wi:roxy-wi
Sources
Linux Severity HIGH Has Fix Added at: Mar 19, 2026
Linux Severity HIGH Has Fix Added at: Mar 20, 2026