CVE-2026-25069

N/A Unknown
Published: February 01, 2026 Modified: February 03, 2026
View on NVD

Description

SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can disclose sensitive information and delete critical system files, resulting in data loss and potential system compromise or denial of service.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://gist.github.com/chapochapo/5db8702ede862af5c59a28b5d5a0aba3
Source: disclosure@vulncheck.com
https://github.com/sunfounder/pm_dashboard
Source: disclosure@vulncheck.com
https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L440
Source: disclosure@vulncheck.com
https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L62
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/sunfounder-pironman-dashboard-path-traversal-arbitrary-file-read-deletion
Source: disclosure@vulncheck.com

5 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.3%
50th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Related CVEs

CVE-2026-34005 8.8
CVE-2026-5046 8.8
CVE-2026-5045 8.8
CVE-2026-5044 8.8
CVE-2026-33575 7.5