CVE-2025-44177
Published 2025-07-09
Priority P1 · 82 · high · 8.2 · CVSS 3.1
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:H / A:N
ITW Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 4.17% (89.6th percentile)
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wss | protop | — | — |
Detection & IOCs (extracted from sources)
YARA
regex: 'root:.*:0:0:'
- Detect directory traversal attempts against the /pt3upd/ endpoint by looking for URL-encoded traversal sequences (..%2f) in HTTP GET requests.
- HTTP responses serving /etc/passwd content will contain 'root:.*:0:0:' in the body and 'application/octet-stream' with 'filename="passwd"' in the response headers.
- Shodan query 'html:"ProTop"' can be used to identify exposed ProTop instances for proactive scanning.
- No authentication is required to exploit this vulnerability; monitor for unauthenticated requests to /pt3upd/ containing encoded path traversal patterns.
- Vulnerability is confirmed only on ProTop version 4.4.2-2024-11-27; other versions are not confirmed affected.
- The exploit was tested and confirmed on a public instance (client.protop.co.za) at time of testing on Ubuntu 22.04 / Linux; behavior on other OS platforms is unconfirmed.
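The request-side and response-side indicators above can be turned into a small log scanner. The following is an added example written for this page, not code from the vendor, the exploit author or any of the indexed sources. The access-log lines are constructed (documentation-range IPs, combined log format) and only the first mirrors the request shape shown in the Exploit-DB entry; the `/pt3upd/` prefix and the `root:.*:0:0:` / `filename="passwd"` indicators come from the page. It goes slightly beyond the page's `..%2f` pattern by decoding repeatedly, so double-encoded variants (`%252e%252e`) are caught as well.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format). These are not real
# traffic; IPs are from documentation ranges. Line 1 mirrors the request shape
# in the Exploit-DB entry, line 3 is a double-encoded variant, lines 2 and 4 are benign.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Aug/2025:10:01:13 +0000] "GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1842 "-" "curl/8.0"
198.51.100.3 - - [12/Aug/2025:10:02:40 +0000] "GET /pt3upd/update.json HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Aug/2025:10:03:05 +0000] "GET /pt3upd/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 0 "-" "python-requests/2.31"
192.0.2.4 - - [12/Aug/2025:10:04:11 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined-log-format request line: ip ident user [ts] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." path segment after decoding, bounded by slashes or string ends.
DOTDOT_SEGMENT_RE = re.compile(r'(^|/)\.\.(/|$)')
# Body indicator from the page's IOC list: a root entry as found in /etc/passwd.
PASSWD_BODY_RE = re.compile(r'root:.*:0:0:')

# Endpoint named in the advisory.
VULNERABLE_PREFIX = '/pt3upd/'


def normalise_path(target: str, max_rounds: int = 3) -> str:
    """Drop the query string, URL-decode until the value stops changing
    (bounded, so double/triple encoding is unwrapped), and fold backslashes."""
    path = target.split('?', 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace('\\', '/')


def is_traversal_probe(target: str, prefix: str = VULNERABLE_PREFIX) -> bool:
    """True when the decoded request path is under the endpoint and contains a '..' segment."""
    path = normalise_path(target)
    return path.lower().startswith(prefix) and DOTDOT_SEGMENT_RE.search(path) is not None


def scan_log(text: str, prefix: str = VULNERABLE_PREFIX) -> list:
    """Return one finding per request that looks like a traversal probe against the endpoint.
    Status code is recorded but not used for filtering: a 404 is still a probe worth alerting on."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these separately
        target = m.group('target')
        if is_traversal_probe(target, prefix):
            findings.append({
                'ip': m.group('ip'),
                'timestamp': m.group('ts'),
                'status': int(m.group('status')),
                'raw_target': target,
                'decoded_path': normalise_path(target),
            })
    return findings


def looks_like_passwd_response(headers: dict, body: str) -> bool:
    """Apply the response-side IOCs: a root:...:0:0: entry in the body together with
    an application/octet-stream Content-Type and filename="passwd" in Content-Disposition."""
    h = {k.lower(): v for k, v in headers.items()}
    content_type = h.get('content-type', '').lower()
    disposition = h.get('content-disposition', '')
    header_hit = 'application/octet-stream' in content_type and 'filename="passwd"' in disposition
    return header_hit and PASSWD_BODY_RE.search(body) is not None


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['ip']} status={f['status']} {f['raw_target']} -> {f['decoded_path']}")
```

The request check is anchored to the `/pt3upd/` prefix so that generic traversal noise elsewhere on a host does not dilute the alert; drop the prefix argument if the goal is a broad traversal hunt rather than a CVE-specific rule. The response check requires both the body pattern and the header evidence the IOC list describes, which keeps ordinary HTML pages that happen to mention `root:` out of the results.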
CVSS provenance
NVD (v3.1): 8.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
VulnCheck: 8.2 HIGH
GHSA
CVE-2025-44177 [HIGH] CWE-22 GHSA-98m5-g5jg-4wf7
ghsa_unreviewed · 2025-07-09
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
VulnCheck
CVE-2025-44177 [HIGH] wss protop Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2025 · CVSS 8.2
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
Affected: wss protop
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-08-12&host_type=src&vulnerability=cve-2025-44177; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-08-13&host_type=src&vuln
No detection rules found.
Exploit-DB
CVE-2025-44177 [HIGH] White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
exploitdb · 2025-07-16 · CVSS 8.2
---
# Exploit Title: White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
# Date: 2025-07-09
# Exploit Author: Imraan Khan (Lich-Sec)
# Vendor Homepage: https://wss.com/
# Software Link: https://client.protop.co.za/
# Version: v4.4.2-2024-11-27
# Tested on: Ubuntu 22.04 / Linux
# CVE: CVE-2025-44177
# CWE: CWE-22 - Path Traversal
# Description:
# A Local File Inclusion vulnerability exists in White Star Software Protop v4.4.2.
# An unauthenticated remote attacker can retrieve arbitrary files via
# URL-encoded traversal sequences in the `/pt3upd/` endpoint.
# Vulnerable Endpoint:
GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
Host: client.protop.co.za
User-Agent: curl/8.0
Accept: */*
# E
Nuclei
CVE-2025-44177 [HIGH] White Star Software ProTop - Directory Traversal
nuclei · CVSS 8.2
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
Template:
```yaml
id: CVE-2025-44177

info:
  name: White Star Software ProTop - Directory Traversal
  author: s-cu-bot
  severity: high
  description: |
    A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
  impact: |
    Unauthenticated attackers can read arbitrary files from the operating sy
```
No writeups or analysis indexed.
Timeline: 2025-07-09 Published · Exploited in the wild