Cyber Resilience

CVE-2025-44177

Severity: High · Public PoC available

Published: 09 July 2025
Modified: 18 July 2025
KEV Added: not listed
Patch: none referenced
CVSS Score v3.1: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)
EPSS Score: 0.0927 (92.9th percentile)
Risk Priority: 22 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-44177 is a high-severity Path Traversal (CWE-22) vulnerability in White Star Software (WSS) Protop. Its CVSS base score is 8.2 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 7.1% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-14 (Public Access Protections) and SI-10 (Information Input Validation).

Deeper analysis

A directory traversal vulnerability exists in White Star Software Protop version 4.4.2-2024-11-27 within the /pt3upd/ endpoint. The flaw, tracked as CVE-2025-44177 and assigned CWE-22, permits remote retrieval of arbitrary files from the underlying operating system through the use of encoded path traversal sequences. It carries a CVSS 3.1 score of 8.2, reflecting a network attack vector, low attack complexity, and no required authentication or user interaction.

Unauthenticated attackers with network access can exploit the issue to read sensitive files on the host system. The published EPSS score remains flat at 0.0927 with no observed increase after disclosure.

Public references include a technical gist detailing the traversal technique and the vendor site at protop.com; neither provides specific mitigation guidance or patch information in the available details.

Vulnerability details

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.

CWE(s): CWE-22 Path Traversal

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Directory traversal enables remote arbitrary file read from local system (T1005) via exploitation of a public-facing application endpoint (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-12824 (shared CWE-22)
CVE-2026-25965 (shared CWE-22)
CVE-2025-30567 (shared CWE-22)
CVE-2025-27098 (shared CWE-22)
CVE-2024-55457 (shared CWE-22)
CVE-2026-35485 (shared CWE-22)
CVE-2024-54909 (shared CWE-22)
CVE-2026-3405 (shared CWE-22)
CVE-2025-41368 (shared CWE-22)
CVE-2026-23850 (shared CWE-22)

Affected Assets

Vendor: wss
Product: protop
Version: 4.4.2-2024-11-27

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: SI-10 mandates input validation at entry points like the /pt3upd/ endpoint to reject or sanitize encoded directory traversal sequences, directly preventing arbitrary file reads.

Prevent: SI-2 requires timely identification, reporting, and patching of flaws such as the directory traversal vulnerability in Protop version 4.4.2-2024-11-27.

Prevent: SC-14 restricts unauthorized public access to sensitive information and limits transactions on unauthenticated endpoints like /pt3upd/ to block arbitrary file disclosure.
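As an added example (not code from this page or from the vendor), the kind of SI-10 input validation described above for a file-serving endpoint: percent-decode the request path until it is stable (so double-encoded sequences are caught), refuse any `..` segment or forbidden byte that survives decoding, then independently confirm the canonical path stays under the served directory. The function names, the placeholder base directory `/srv/protop/pt3upd`, and the sample request paths are all constructed for illustration.

```python
import os
from urllib.parse import unquote

class PathTraversalRejected(ValueError):
    """Raised when a request path would escape the served directory."""

def fully_decode(value, max_rounds=3):
    """Decode until stable so double-encoded %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise PathTraversalRejected("excessive percent-encoding")

def resolve_within(base_dir, requested):
    """Map a request path (the part after an endpoint like /pt3upd/) to a file
    under base_dir, or raise PathTraversalRejected."""
    decoded = fully_decode(requested)
    if "\x00" in decoded or "\\" in decoded:
        raise PathTraversalRejected("forbidden character in path")
    # Drop empty and '.' segments, then refuse any '..' that survives decoding.
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    if not segments or ".." in segments:
        raise PathTraversalRejected("traversal or empty path")
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, *segments))
    # Independent check on the canonical path; also catches symlink escapes.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PathTraversalRejected("resolved path escapes base directory")
    return candidate

def demo(base_dir="/srv/protop/pt3upd"):
    """Classify constructed request paths; base_dir is a placeholder and need not exist."""
    requests = [
        "updates/readme.txt",            # ordinary relative path: accepted
        "../../etc/passwd",              # raw traversal
        "%2e%2e/%2e%2e/etc/passwd",      # percent-encoded traversal
        "%252e%252e/etc/passwd",         # double-encoded traversal
        "updates/..%2f..%2fetc/passwd",  # encoded separator
        "updates%00.txt/../../etc",      # NUL byte
    ]
    results = {}
    for req in requests:
        try:
            resolve_within(base_dir, req)
            results[req] = "accepted"
        except PathTraversalRejected:
            results[req] = "rejected"
    return results
```

Only the first request is accepted; each of the others is rejected by one of the three layered checks, which is the behaviour to confirm in a regression test after applying a vendor fix.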

References