CVE-2025-34126

HIGH

RIPS Scanner <0.54 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-34126. PoCs published by localh0t, including Metasploit module auxiliary/scanner/http/rips_traversal.

AI-analyzed exploit summary This exploit demonstrates local file inclusion vulnerabilities in RIPS <= 0.53, allowing an attacker to read arbitrary files via path traversal in the 'file' parameter of code.php and function.php.

Description

A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This can lead to disclosure of sensitive information.

Exploits (2)

exploitdb WORKING POC VERIFIED

by localh0t · textwebappsphp

https://www.exploit-db.com/exploits/18660

View Code ZIP pw:eip

This exploit demonstrates local file inclusion vulnerabilities in RIPS <= 0.53, allowing an attacker to read arbitrary files via path traversal in the 'file' parameter of code.php and function.php.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: RIPS <= 0.53

No auth needed

Prerequisites: Access to the vulnerable RIPS installation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

by localh0t · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/rips_traversal.rb

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in RIPS Scanner v0.54, allowing arbitrary file reads via a crafted GET request to 'code.php' with a manipulated 'file' parameter. The exploit validates the response and extracts the file content for storage.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: RIPS Scanner v0.54

No auth needed

Prerequisites: Network access to the target web application · RIPS Scanner v0.54 running on the target

MITRE ATT&CK

T1006 - Direct Volume Access T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources third-party-advisory exploit

https://codesec.blogspot.com/2015/03/rips-scanner-v-054-local-file-include.html

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/18660

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/rips_traversal.rb

Product product

https://rips-scanner.sourceforge.net/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/rips-scanner-path-traversal

Scores

CVSS v4 8.7

EPSS 0.0140

EPSS Percentile 68.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

RIPS Technologies/RIPS Scanner 0.54

Published Jul 16, 2025

Tracked Since Feb 18, 2026