CVE-2021-40875

HIGH EXPLOITED NUCLEI

Gurock TestRail <7.2.0.3014 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-40875 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Sick Codes, SakuraSamuraii. A Nuclei detection template is also available.

AI-analyzed exploit summary This script exploits an improper access control vulnerability in Gurock TestRail by fetching a list of application files from /files.md5 and testing their accessibility. It identifies sensitive files that may disclose hardcoded credentials or other sensitive data.

Description

Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data.

Exploits (2)

exploitdb WORKING POC
by Sick Codes · bashwebappsmultiple
https://www.exploit-db.com/exploits/50320

This script exploits an improper access control vulnerability in Gurock TestRail by fetching a list of application files from /files.md5 and testing their accessibility. It identifies sensitive files that may disclose hardcoded credentials or other sensitive data.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Gurock TestRail < 7.2.0.3014
No auth needed
Prerequisites: Network access to the target TestRail instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 8 stars
by SakuraSamuraii · poc
https://github.com/SakuraSamuraii/derailed

This PoC exploits CVE-2021-40875, an improper access control vulnerability in Gurock TestRail, to expose sensitive file paths via the /files.md5 endpoint. The Python script fetches and processes the file list, while the Bash script automates downloading and filtering accessible files.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Gurock TestRail < 7.2.0.3014
No auth needed
Prerequisites: Network access to the TestRail instance · Exposed /files.md5 endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Gurock TestRail Application files.md5 Exposure
HIGHby oscarintherocks
Shodan: http.html:"TestRail" || http.html:"testrail"
FOFA: body="testrail"

References (4)

Core 4
Core References
Product, Vendor Advisory x_refsource_misc
https://www.gurock.com/testrail/tour/enterprise-edition
Exploit, Third Party Advisory x_refsource_misc
https://johnjhacking.com/blog/cve-2021-40875/
Third Party Advisory x_refsource_misc
https://github.com/SakuraSamuraii/derailed

Scores

CVSS v3 7.5
EPSS 0.4842
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2025-08-18
CWE
CWE-425
Status published
Products (1)
gurock/testrail < 7.2.0.3014
Published Sep 22, 2021
Tracked Since Feb 18, 2026