CVE-2025-47423
Published: 2025-05-07
Priority: P3 47 | medium | 5.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
EXPLOIT
EPSS: 2.11% (79.5th percentile)
Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pwsdashboard | personal_weather_station_dashboard | — | — |
No detection rules found.
Nuclei
Personal Weather Station Dashboard 12 - Directory Traversal
nuclei·CVSS 5.8
CVE-2025-47423 [MEDIUM] Personal Weather Station Dashboard 12 - Directory Traversal
Template:
```yaml
id: CVE-2025-47423
info:
  name: Personal Weather Station Dashboard 12 - Directory Traversal
  author: pussycat0x
  severity: high
  description: |
    Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.
  impact: |
    Unauthenticated attackers can read arbitrary files including private SSL keys th
```