CVE-2025-47423

MEDIUM NUCLEI

Personal Weather Station Dashboard 12_lts - Path Traversal

Title source: llm

Description

Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.

Exploits (1)

nomisec WRITEUP

by Haluka92 · poc

https://github.com/Haluka92/CVE-2025-47423

View Code ZIP pw:eip

Nuclei Templates (1)

Personal Weather Station Dashboard 12 - Directory Traversal

HIGHby pussycat0x

FOFA: title="PWS Dashboard"

References (2)

[Various Sources] https://github.com/haluka92/CVE-2025-47423

[Various Sources] https://pwsdashboard.com/

Scores

CVSS v3 5.8

EPSS 0.0085

EPSS Percentile 75.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Details

CWE

CWE-24

Status published

Products (1)

pwsdashboard/Personal Weather Station Dashboard 12_lts

Published May 07, 2025

Tracked Since Feb 18, 2026