CVE-2025-32440 · CRITICAL 9.8 · EPSS p40.3%

Description

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.53% probability of exploitation · percentile 40.3% · 2026-06-21T12:00:28Z
Published: 2025-05-27
Last modified: 2025-07-11

Underlying weaknesses · 1

CWE-306

References

  1. https://github.com/jokob-sk/NetAlertX/releases/tag/v25.4.14
  2. https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx

Type · Target · Confidence · Tier
Weakness · Missing Authentication for Critical Function (cwe-306) · 0% · live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-48952
  2. CVE-2025-41734
  3. CVE-2025-45612
  4. CVE-2025-40886
  5. CVE-2025-11366
  6. CVE-2025-27540

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.