cbcvebase.
CVE-2025-47423
published 2025-05-07

CVE-2025-47423: Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to…

PriorityP347medium5.8CVSS 3.1
AVNACLPRNUINSCCLINAN
EXPLOIT
EPSS
2.11%
79.5th percentile
Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.

Affected

1 ranges
VendorProductVersion rangeFixed in
pwsdashboardpersonal_weather_station_dashboard
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.