CVE-2025-54347

9.9 CRITICAL

📋 TL;DR

A directory traversal vulnerability in Desktop Alert PingAlert Application Server versions 6.1.0.11 to 6.1.1.2 allows attackers to write arbitrary files to the server filesystem. This affects organizations using vulnerable versions of the Desktop Alert notification system. Attackers could potentially overwrite critical system files or deploy malicious payloads.

💻 Affected Systems

Products:
  • Desktop Alert PingAlert Application Server
Versions: 6.1.0.11 to 6.1.1.2
Operating Systems: Windows Server (primary deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within the affected version range are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via arbitrary file write leading to remote code execution, data destruction, or persistent backdoor installation.

🟠

Likely Case

File system manipulation allowing data exfiltration, service disruption, or privilege escalation through configuration file modification.

🟢

If Mitigated

Limited impact if proper file permissions, network segmentation, and input validation are implemented.

🌐 Internet-Facing: HIGH - If the Application Server is exposed to the internet, attackers can directly exploit this vulnerability without internal access.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to move laterally or escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal vulnerabilities typically have low exploitation complexity, especially when unauthenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.1.1.3 or later

Vendor Advisory: https://desktopalert.net/cve-2025-54347/

Restart Required: Yes

Instructions:

1. Download the latest version from Desktop Alert's official website.
2. Backup current configuration and data.
3. Run the installer to upgrade to version 6.1.1.3 or later.
4. Restart the Application Server service.

🔧 Temporary Workarounds

Network Access Restriction

Restrict network access to the Application Server to only trusted IP addresses or internal networks.

Use Windows Firewall (PowerShell, elevated):

New-NetFirewallRule -DisplayName "Block PingAlert External" -Direction Inbound -Protocol TCP -LocalPort 80,443 -RemoteAddress Internet -Action Block

Adjust -LocalPort if the Application Server listens on a port other than 80/443.

File System Permissions

Apply strict file permissions to limit what directories the Application Server can write to.

icacls "C:\Program Files\Desktop Alert" /deny "Everyone":(OI)(CI)(W)

Do not end the quoted path with a trailing backslash; the command-line parser treats \" as an escaped quote and the path argument breaks. A Deny entry for Everyone also applies to the account the Application Server service runs as, so confirm the service still starts and can write its own log and data locations before applying this in production.

🧯 If You Can't Patch

  • Isolate the Application Server in a dedicated network segment with strict firewall rules.
  • Implement web application firewall (WAF) rules to block directory traversal patterns in HTTP requests.

🔍 How to Verify

Check if Vulnerable:

Check the Application Server version in the web interface or configuration files. Look for version numbers between 6.1.0.11 and 6.1.1.2.

Check Version:

Check the web interface at http://[server-ip]/status or examine the installation directory's version.txt file.

Verify Fix Applied:

Confirm the version is 6.1.1.3 or higher. Test that directory traversal attempts (e.g., '../../') in file upload or path parameters are properly rejected.
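As an added illustration (not code from Desktop Alert or from this advisory), the Python script below shows the two checks the verification steps call for: a numeric comparison of a version string against the affected range 6.1.0.11 to 6.1.1.2, and the containment test a correctly patched file handler must pass, namely that a user-supplied path, after percent-decoding and normalisation, still resolves beneath the intended base directory. The base directory `/uploads` and the sample paths are constructed for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Affected and fixed ranges as stated in the advisory.
AFFECTED_MIN = (6, 1, 0, 11)
AFFECTED_MAX = (6, 1, 1, 2)
FIXED_MIN = (6, 1, 1, 3)


def parse_version(version: str) -> tuple:
    """Convert '6.1.1.2' to (6, 1, 1, 2) so the comparison is numeric.

    A plain string comparison would sort '6.1.1.10' before '6.1.1.2' and
    misclassify it; tuples of integers compare component by component.
    Shorter strings are padded with zeros ('6.1.1' -> (6, 1, 1, 0)).
    """
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (4 - len(parts))


def is_affected_version(version: str) -> bool:
    """True when the version lies inside the vulnerable range 6.1.0.11..6.1.1.2."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def is_fixed_version(version: str) -> bool:
    """True when the version is 6.1.1.3 or later."""
    return parse_version(version) >= FIXED_MIN


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that a
    double-encoded sequence such as %252e%252e%252f is seen as '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def stays_within(base_dir: str, user_path: str) -> bool:
    """Containment check a patched file handler should apply.

    The user-supplied path is decoded, normalised to forward slashes and
    joined to the base directory; it is acceptable only if the resolved
    path is still the base directory or something beneath it. Absolute
    paths, drive letters and NUL bytes are rejected outright.
    """
    decoded = decode_fully(user_path)
    if "\x00" in decoded:
        return False
    decoded = decoded.replace("\\", "/")
    if decoded.startswith("/") or re.match(r"^[A-Za-z]:", decoded):
        return False
    base = posixpath.normpath("/" + base_dir.replace("\\", "/").strip("/"))
    target = posixpath.normpath(base + "/" + decoded)
    return target == base or target.startswith(base + "/")


if __name__ == "__main__":
    for v in ("6.1.0.11", "6.1.1.2", "6.1.1.3", "6.1.1.10"):
        print(v, "affected" if is_affected_version(v) else "not affected")
    # Constructed sample inputs against a hypothetical upload directory.
    for p in ("reports/q1.txt", "../../config/app.ini",
              "..%2F..%2Fconfig%2Fapp.ini", "%252e%252e%255cconfig"):
        print(repr(p), "accepted" if stays_within("/uploads", p) else "rejected")
```

The version check matters because `6.1.1.10` sorts before `6.1.1.2` as a string; the containment check is what "properly rejected" should mean in practice: the decision is made on the resolved path, not on whether the raw input happens to contain `../`.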

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' or '..\' patterns in file paths
  • Unexpected file write operations in Application Server logs
  • Failed authentication attempts followed by file manipulation requests

Network Indicators:

  • HTTP POST/PUT requests with path traversal sequences to the Application Server port
  • Unusual outbound connections from the Application Server after exploitation

SIEM Query:

source="pingalert.log" AND ("..\\" OR "../" OR "%2e%2e%2f" OR "%2e%2e%5c")

Inside a quoted search term the backslash must be doubled; a bare "..\" is read as an escaped quote and the query fails to parse. The last term covers the URL-encoded form of "..\".
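Added example, not part of the advisory or the product: a small Python scanner that applies the log indicators above to constructed access-log lines, decoding percent-encoding (including double encoding) before matching so that `%2e%2e%2f` and `%252e%252e%252f` are caught alongside literal `../` and `..\`. The log format, addresses and request paths are made up for the example; the real PingAlert log format may differ, so only the line-parsing regex would need adapting.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in a generic web-access-log style (not real
# PingAlert output); lines 3 to 5 carry the traversal forms listed above.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Oct/2025:10:01:12 +0000] "GET /status HTTP/1.1" 200 512
10.0.0.7 - - [02/Oct/2025:10:02:40 +0000] "POST /upload?name=report.pdf HTTP/1.1" 200 88
203.0.113.9 - - [02/Oct/2025:10:03:01 +0000] "POST /upload?name=..%2F..%2Fconfig%2Fapp.ini HTTP/1.1" 500 0
203.0.113.9 - - [02/Oct/2025:10:03:05 +0000] "PUT /files/..\\..\\temp\\note.txt HTTP/1.1" 201 0
203.0.113.9 - - [02/Oct/2025:10:03:09 +0000] "POST /upload?name=%252e%252e%252fapp.ini HTTP/1.1" 200 0
10.0.0.8 - - [02/Oct/2025:10:04:00 +0000] "GET /docs/a..b.txt HTTP/1.1" 200 30
"""

# First token is the client address; the request target sits between the
# method and the HTTP version inside the quoted request line.
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')

# Matches '../' or '..\' after decoding. The raw string keeps the backslash
# literal, just as it must be escaped inside a quoted SIEM search string.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def decode_fully(value, rounds=3):
    """Percent-decode until stable (bounded) so double encoding is unwrapped."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal(line):
    """Return (ip, method, decoded target) when the request target contains a
    traversal sequence in plain, encoded or double-encoded form, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    target = decode_fully(m.group("target"))
    if TRAVERSAL_RE.search(target):
        return (m.group("ip"), m.group("method"), target)
    return None


def scan_log(text):
    """Scan every line; return a list of (line_no, ip, method, decoded_target)."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        hit = find_traversal(line)
        if hit:
            hits.append((n,) + hit)
    return hits


def offenders(hits):
    """Count hits per client address, most active first."""
    return Counter(h[1] for h in hits).most_common()


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for n, ip, method, target in found:
        print(f"line {n}: {ip} {method} {target}")
    print(offenders(found))
```

Matching on the decoded target rather than the raw line is what keeps `a..b.txt` out of the results while still flagging the double-encoded request that a literal `../` search would miss; the per-address count is the quick pivot to the "failed authentication followed by file manipulation" pattern listed above.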

🔗 References
