CVE-2025-69428

HIGH

Pro-Bit < 1.77.4 - Unauthenticated Sensitive Directory Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-69428. PoCs published by jasetpen.

AI-analyzed exploit summary This repository contains a detailed security advisory for CVE-2025-69428, describing an unauthenticated access control vulnerability in Pro-Bit application versions below v1.77.4. The advisory outlines the exposure of sensitive files, including credentials and encryption keys, but does not include exploit code.

Description

An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories.

Exploits (1)

github WRITEUP

by jasetpen · poc

https://github.com/jasetpen/CVE-2025-69428

View Code ZIP pw:eip

This repository contains a detailed security advisory for CVE-2025-69428, describing an unauthenticated access control vulnerability in Pro-Bit application versions below v1.77.4. The advisory outlines the exposure of sensitive files, including credentials and encryption keys, but does not include exploit code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Pro-Bit application < v1.77.4

No auth needed

Prerequisites: network access to the vulnerable application

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Apr 28, 2026 Full analysis →

References (1)

Core 1

Core References

https://github.com/jasetpen/CVE-2025-69428

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 23.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-552

Status published

Published Apr 27, 2026

Tracked Since Apr 28, 2026