CVE-2025-27410
Published: 28 February 2025
Description
Adversaries may abuse various implementations of JavaScript for execution.
Security Summary
CVE-2025-27410 is a path traversal vulnerability (CWE-22, CWE-23) in the backup restore functionality of PwnDoc, a penetration test reporting application. In versions prior to 1.2.0, the vulnerability stems from inadequate validation of TAR entry names, enabling attackers to overwrite arbitrary files on the system with attacker-controlled content.
The vulnerability is exploitable remotely over the network by authenticated users holding both the `backups:create` and `backups:update` permissions, which by default are granted only to administrators. Attack complexity is low and no user interaction is required. An attacker who overwrites a JavaScript file that the application loads, and then restarts the container, achieves remote code execution with administrator privileges. The CVSS v3.1 base score is 6.5 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).
PwnDoc version 1.2.0 resolves the issue through a targeted fix in the backup handling code. The GitHub security advisory (GHSA-mxw8-vgvx-89hx), fix commit (98f284291d73d3a0b11d3181d845845c192d1080), and release page (v1.2.0) provide details on the patch and updated code in backend/src/routes/backup.js. Security practitioners should upgrade to version 1.2.0 or later and review access controls for backup permissions.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in the web application's backup restore allows a remote file overwrite that plants malicious JavaScript executed on restart, which maps directly to T1190 (Exploit Public-Facing Application) and T1059.007 (Command and Scripting Interpreter: JavaScript).