CVE-2025-47423
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to read arbitrary files on servers running Personal Weather Station Dashboard 12_lts via directory traversal. Attackers can access sensitive files like SSL private keys, configuration files, and system files. All deployments of the affected version are vulnerable if exposed to network access.
💻 Affected Systems
- Personal Weather Station Dashboard
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise via theft of SSL private keys, administrative credentials, or other sensitive files leading to data breach, lateral movement, or ransomware deployment.
Likely Case
Exfiltration of sensitive configuration files, SSL certificates, or system files that could enable further attacks or credential theft.
If Mitigated
Limited impact if file access is restricted by additional controls, though sensitive information disclosure still occurs.
🎯 Exploit Status
Exploitation requires only a web browser or a curl command with directory traversal payloads. The GitHub reference shows a working proof of concept.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://pwsdashboard.com/
Restart Required: No
Instructions:
1. Check vendor website for security updates
2. If a patch is available, download and apply it
3. Remove or secure the vulnerable _test.php file
4. Monitor vendor communications for official fix
🔧 Temporary Workarounds
Remove vulnerable endpoint
Delete or restrict access to the /others/_test.php file
rm /path/to/installation/others/_test.php
Web server access control
Block access to the vulnerable path using web server configuration
Apache (2.4 syntax):
<Location "/others/_test.php">
    Require all denied
</Location>
Nginx:
location ~ /others/_test\.php$ { deny all; }
🧯 If You Can't Patch
- Implement network segmentation to isolate the vulnerable system from sensitive networks
- Deploy web application firewall (WAF) with directory traversal protection rules
🔍 How to Verify
Check if Vulnerable:
Attempt to access http://[target]/others/_test.php?test=../../../../etc/passwd and check if file contents are returned
Check Version:
Check dashboard interface or configuration files for version information
Verify Fix Applied:
Verify the _test.php file no longer exists or returns access denied, and directory traversal attempts fail
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /others/_test.php with ../ sequences in parameters
- Unusual file access patterns from web server process
Network Indicators:
- HTTP GET requests with directory traversal patterns in query strings
- Traffic to the vulnerable endpoint from unexpected sources
SIEM Query:
source="web_server_logs" AND uri_path="/others/_test.php" AND query_string="*../*"
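As an added example, not part of this advisory or the vendor's code: a small Python detector that applies the log indicators above to constructed access-log lines in the common combined format. It URL-decodes the query string before matching, so percent-encoded traversal sequences (which the literal `*../*` SIEM pattern above does not match) are flagged as well. The log format regex and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Apache/nginx "combined" access log format (assumed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)
VULN_PATH = "/others/_test.php"
# "../" or "..\" anywhere in the decoded query string.
TRAVERSAL = re.compile(r"(\.\./|\.\.\\)")


def decode_query(q):
    # Decode twice so double-encoded sequences (%252e%252e%252f) are
    # also normalised before matching.
    return unquote(unquote(q))


def inspect(line):
    """Return a dict describing the hit, or None if the line is not suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if unquote(parts.path).lower() != VULN_PATH:
        return None
    query = decode_query(parts.query)
    if not TRAVERSAL.search(query):
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"),
            "status": int(m.group("status")), "query": query}


def scan(lines):
    return [hit for hit in (inspect(l) for l in lines) if hit]


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2025:13:55:36 +0000] "GET /others/_test.php?test=../../../../etc/passwd HTTP/1.1" 200 1532',
    '198.51.100.7 - - [10/Oct/2025:13:56:01 +0000] "GET /others/_test.php?test=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1532',
    '192.0.2.9 - - [10/Oct/2025:13:57:12 +0000] "GET /others/_test.php?test=hello HTTP/1.1" 200 45',
    '192.0.2.10 - - [10/Oct/2025:13:58:40 +0000] "GET /index.php HTTP/1.1" 200 8123',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request is the stronger signal, since it indicates the file contents were actually returned.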