cvedb.io
CVE-2025-44163
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2025-06-27T14:15:37.417 · Last modified 2026-06-17T09:25:00.407

Summary

RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable by the web server via abuse of the `tee` command used in shell execution.

Affected products

raspap — raspap-webgui

Does this affect you?

Add your gear to cvedb and we'll alert you only when raspap ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.