CVE-2025-44177
published 2025-07-09


Priority: P1 (82), high
CVSS 3.1 base score: 8.2
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 4.17% (89.6th percentile)
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.

Affected

1 range

Vendor   Product   Version range   Fixed in
wss      protop    (not listed)    (not listed)

Detection & IOCs (extracted from sources)

url: GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
path: /pt3upd/
command: curl -i 'https://client.protop.co.za/pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd'
yara regex: 'root:.*:0:0:'
  • Detect directory traversal attempts against the /pt3upd/ endpoint by looking for URL-encoded traversal sequences (..%2f) in HTTP GET requests.
  • HTTP responses serving /etc/passwd content will contain 'root:.*:0:0:' in the body and 'application/octet-stream' with 'filename="passwd"' in the response headers.
  • Shodan query 'html:"ProTop"' can be used to identify exposed ProTop instances for proactive scanning.
  • No authentication is required to exploit this vulnerability; monitor for unauthenticated requests to /pt3upd/ containing encoded path traversal patterns.
  • Vulnerability is confirmed only on ProTop version 4.4.2-2024-11-27; other versions are not confirmed affected.
  • The exploit was tested and confirmed on a public instance (client.protop.co.za) at time of testing on Ubuntu 22.04 / Linux; behavior on other OS platforms is unconfirmed.

CVSS provenance

nvd: CVSS v3.1, 8.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
vulncheck: 8.2 HIGH