CVE-2023-25289

HIGH

virtualreception Digital Receptie win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 - Path Traversal via Crafted GET Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-25289. PoCs published by Spinae.

AI-analyzed exploit summary This is a writeup describing an unauthenticated directory traversal vulnerability in Virtual Reception v1.0. It provides example URLs to exploit the vulnerability and access sensitive files on the Windows system.

Description

Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request.

Exploits (1)

exploitdb WRITEUP

by Spinae · textwebappsmultiple

https://www.exploit-db.com/exploits/51142

View Code ZIP pw:eip

This is a writeup describing an unauthenticated directory traversal vulnerability in Virtual Reception v1.0. It provides example URLs to exploit the vulnerability and access sensitive files on the Windows system.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Virtual Reception v1.0

No auth needed

Prerequisites: Network access to the target system

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/51142

Scores

CVSS v3 7.5

EPSS 0.0769

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

virtualreception/digital_reciptie win7sp1_rtm.101119-1850_6.1.7601.1.0.65792

Published May 04, 2023

Tracked Since Feb 18, 2026