CVE-2025-32440
CRITICAL
netalertx < 25.4.14 - Unauthenticated Settings Update via Crafted Request to index.php
Title source: llm
Description
NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, the authentication mechanism of NetAlertX can be bypassed, allowing settings to be updated without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx
Release Notes x_refsource_misc
https://github.com/jokob-sk/NetAlertX/releases/tag/v25.4.14
Scores
CVSS v3: 10.0
EPSS: 0.0053
EPSS Percentile: 40.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-306
Status: published
Products (1)
netalertx/netalertx: < 25.4.14
Published: May 27, 2025
Tracked Since: Feb 18, 2026