CVE-2026-25069
Path Traversal in SunFounder pm_dashboard Allows File Deletion

Publication date: 2026-02-01

Last updated on: 2026-02-01

Assigner: VulnCheck

Description
SunFounder Pironman Dashboard (pm_dashboard) versions 1.3.13 and prior contain a path traversal vulnerability (CWE-22) in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files that the dashboard process can access. Successful exploitation can disclose sensitive information and delete critical system files, resulting in data loss and potential system compromise or denial of service.
Meta Information
Generated: 2026-05-07
AI Q&A generated: 2026-02-01
EPSS evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: sunfounder
Product: pm_dashboard
Version / Range: up to 1.3.13 (exc)

Note: the CPE range above is listed as excluding 1.3.13, while the description states that 1.3.13 itself is affected. Treat 1.3.13 as affected unless the vendor confirms otherwise.
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-25069 is a path traversal vulnerability in SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and earlier. It exists in the log file API endpoints where an unauthenticated remote attacker can supply traversal sequences via the filename parameter. This allows the attacker to read and delete arbitrary files on the system by bypassing pathname restrictions intended to confine file operations to a restricted directory. [3]


How can this vulnerability impact me?

Exploitation of this vulnerability can lead to disclosure of sensitive information, deletion of critical system files, data loss, potential system compromise, or denial of service. Since the attacker does not need to be authenticated, the risk is high and can severely impact system integrity and availability. [3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can involve monitoring HTTP requests to the log file API endpoints for suspicious usage of the 'filename' parameter containing path traversal sequences such as '../'. Network traffic inspection tools or web server logs can be used to identify such attempts. For example, using grep on web server logs: grep -E "filename=.*\.\./" /var/log/nginx/access.log or using tools like tcpdump or Wireshark to filter HTTP requests with suspicious parameters. Additionally, checking for unexpected file deletions or access in the system logs may indicate exploitation attempts. [3]
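The detection approach in the answer above, carried through as an added example that is not part of the original page or of pm_dashboard. It parses constructed nginx combined-format log lines (the sample lines and the /api/log path are placeholders; the page does not name the dashboard's real endpoint paths), percent-decodes the filename parameter up to twice, folds backslashes, and flags any value that contains a ".." segment or is an absolute path.

```python
import re
import urllib.parse

# Constructed sample lines in nginx "combined" format. /api/log is a
# placeholder: the page does not name pm_dashboard's actual endpoint paths.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Feb/2026:10:00:01 +0000] "GET /api/log?filename=dashboard.log HTTP/1.1" 200 512 "-" "curl/8.0"
192.0.2.44 - - [01/Feb/2026:10:00:07 +0000] "GET /api/log?filename=../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/8.0"
192.0.2.44 - - [01/Feb/2026:10:00:09 +0000] "GET /api/log?filename=..%2f..%2f..%2fetc%2fshadow HTTP/1.1" 200 1203 "-" "curl/8.0"
192.0.2.44 - - [01/Feb/2026:10:00:12 +0000] "DELETE /api/log?filename=%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 200 0 "-" "python-requests/2.31"
192.0.2.10 - - [01/Feb/2026:10:00:20 +0000] "GET /api/log?filename=dashboard.log.1 HTTP/1.1" 200 640 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." path segment, with either slash style, at the start or after a separator.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def normalise(value: str, rounds: int = 2) -> str:
    """Percent-decode repeatedly (bounded) and fold backslashes to slashes, so
    that %2e%2e%2f, %252e%252e%252f and ..\\ all reduce to the same '../' form."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_traversal(value: str) -> bool:
    """True for a '..' segment anywhere in the name or for an absolute path."""
    v = normalise(value)
    return bool(TRAVERSAL_RE.search(v)) or v.startswith("/")


def scan(log_text: str, param: str = "filename") -> list:
    """Return one record per request whose `param` value looks like traversal.
    parse_qsl performs the first percent-decode; normalise handles the rest."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        query = urllib.parse.urlsplit(m.group("target")).query
        for key, value in urllib.parse.parse_qsl(query, keep_blank_values=True):
            if key == param and is_traversal(value):
                hits.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "method": m.group("method"),
                    "filename": normalise(value),
                    "status": int(m.group("status")),
                })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

On the constructed sample, the grep from the answer (filename=.*\.\./) matches only the second line; the third and fourth lines are caught only after decoding. Access logs show query-string parameters only, so a filename sent in a request body would need application-level logging or a traffic capture such as the tcpdump or Wireshark approach mentioned above.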


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable log file API endpoints, applying input validation or sanitization on the 'filename' parameter to prevent path traversal sequences, and updating or patching the pm_dashboard application to a version that fixes this vulnerability. If an update is not available, consider disabling the affected API endpoints or deploying web application firewall (WAF) rules to block requests containing path traversal patterns. Monitoring for suspicious activity and backing up critical data are also recommended to reduce impact. [3]
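To make the description's failure mode and the input validation advised above concrete, here is an added example that is not pm_dashboard's own code (the page does not show the affected handler). It places the CWE-22 pattern beside a hardened resolver and runs a filename=../secret.txt delete request through both inside a throwaway directory tree. The delete endpoint body, the directory layout and the Python language are assumptions for the illustration.

```python
import os
import shutil
import tempfile
import urllib.parse


def vulnerable_resolve(log_dir: str, filename: str) -> str:
    """The CWE-22 pattern: the caller-supplied name is joined to the log
    directory with no containment check. '../' segments walk out of log_dir,
    and os.path.join discards log_dir entirely when filename is absolute."""
    return os.path.join(log_dir, filename)


def safe_resolve(log_dir: str, filename: str) -> str:
    """Hardened resolution: return the real path of a file inside log_dir or
    raise ValueError. Rejects traversal, absolute paths, percent-encoded and
    double-encoded sequences, and symlinks that point outside log_dir."""
    decoded = urllib.parse.unquote(filename)
    if decoded != filename:
        # A second decode catches double encoding such as %252e%252e%252f.
        decoded = urllib.parse.unquote(decoded)
    if not decoded or decoded != os.path.basename(decoded):
        raise ValueError("filename must be a bare file name")
    if decoded.startswith("."):
        raise ValueError("relative and hidden names are not allowed")
    base = os.path.realpath(log_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # realpath follows symlinks, so a planted link inside log_dir that targets
    # a file outside it fails this containment check as well.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the log directory")
    return candidate


def is_safe(log_dir: str, filename: str) -> bool:
    """True if safe_resolve accepts the name, False if it rejects it."""
    try:
        safe_resolve(log_dir, filename)
        return True
    except ValueError:
        return False


def delete_log(log_dir: str, filename: str, resolver=safe_resolve) -> str:
    """Body of a hypothetical delete endpoint. The resolver parameter exists
    only so the demo can run the same request through both resolvers."""
    path = resolver(log_dir, filename)
    if os.path.isfile(path):
        os.remove(path)
    return path


def demo() -> dict:
    """Build a throwaway tree (root/logs/dashboard.log and root/secret.txt),
    send filename=../secret.txt to the delete endpoint with each resolver,
    and report what happened to the file outside the log directory."""
    root = tempfile.mkdtemp()
    log_dir = os.path.join(root, "logs")
    os.mkdir(log_dir)
    with open(os.path.join(log_dir, "dashboard.log"), "w") as fh:
        fh.write("constructed log line\n")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as fh:
        fh.write("not a log file\n")
    payload = "../secret.txt"  # traversal payload relative to log_dir
    try:
        delete_log(log_dir, payload, resolver=vulnerable_resolve)
        deleted_by_vulnerable = not os.path.exists(secret)
        with open(secret, "w") as fh:  # put the file back for the second run
            fh.write("not a log file\n")
        try:
            delete_log(log_dir, payload)
            blocked_by_safe = False
        except ValueError:
            blocked_by_safe = True
        return {
            "deleted_by_vulnerable": deleted_by_vulnerable,
            "blocked_by_safe": blocked_by_safe,
            "secret_intact": os.path.exists(secret),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The check that does the real work is the commonpath comparison after realpath: stripping "../" substrings alone is bypassed by encodings, and a basename check alone still lets a symlink planted in the log directory reach outside it. A WAF rule of the kind mentioned above catches the obvious patterns in transit, but it does not replace this containment check in the handler.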


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows unauthenticated remote attackers to read and delete arbitrary files, potentially disclosing sensitive information and causing data loss or system compromise. Such unauthorized disclosure and loss of sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring data integrity and availability. [3]

