CVE-2025-44177HIGH 8.2EPSS p89.6%

CVE-2025-44177CVE-2025-44177

Description

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.

Scoring

CVSS 3.18.2 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS4.17% probability of exploitation · percentile 89.6% · 2026-06-18T12:00:27Z
Published2025-07-09
Last modified2025-07-18

Underlying weaknesses· 1

CWE-22

References

  1. https://gist.github.com/stSLAYER/4a2ecfbab1215a0be0dde59c4ac0122d
  2. https://protop.com

1

TypeTargetConfidenceTier
WeaknessImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')cwe-220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Progress WhatsUp Gold Path Traversal Vulnerability
CVE
CVE-2025-49415
CVE
CVE-2025-39491
CVE
CVE-2024-8262
CVE
CVE-2025-14850
CVE
CVE-2025-41723
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.