VDB
CVE-2026-25069
CVE-2026-25069
PUBLISHED
CVSS 9.300000190734863 CRITICAL
SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can disclose sensitive information and delete critical system files, resulting in data loss and potential system compromise or denial of service.
EPSS 0.28% · 51.2th percentile
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.28%
51.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SunFounder | Pironman Dashboard (pm_dashboard) | 0, 0, 0 |
Timeline
- Jan 31, 2026 CVE Published
- Feb 1, 2026 EPSS Score
- Feb 1, 2026 PoC Published
- Feb 2, 2026 CVE Updated
- Feb 3, 2026 EPSS Score
- Feb 5, 2026 PoC Published
- Feb 6, 2026 EPSS Score
- Feb 8, 2026 EPSS Score
- Feb 10, 2026 EPSS Score
- Feb 13, 2026 EPSS Score
- Feb 15, 2026 EPSS Score
- Feb 17, 2026 EPSS Score
References
- https://github.com/sunfounder/pm_dashboard url
- https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L62 issue
- https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L440 issue
- https://www.vulncheck.com/advisories/sunfounder-pironman-dashboard-path-traversal-arbitrary-file-read-deletion third-party-advisory
- https://gist.github.com/chapochapo/5db8702ede862af5c59a28b5d5a0aba3 exploit
- https://nvd.nist.gov/vuln/detail/CVE-2026-25069 advisory