CVE-2025-69428
Unauthorized Directory Access in Pro-Bit Before v
Publication date: 2026-04-27
Last updated on: 2026-04-28
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pro-bit | pro-bit | < 1.77.4 (1.77.4 itself not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthenticated attackers to access sensitive directories containing plaintext user credentials, database connection strings, encryption keys, and other critical information. Such exposure of sensitive personal and system data can lead to unauthorized data breaches.
As a result, organizations using affected versions of Pro-Bit may face non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized access.
Can you explain this vulnerability to me?
CVE-2025-69428 is a critical access control vulnerability in Pro-Bit versions before v1.77.4. It allows unauthenticated attackers to directly access a sensitive directory and its subdirectories without any authentication or authorization.
The exposed directory contains highly sensitive information such as plaintext user credentials with domain accounts, database connection strings, internal host information, encryption methods, encryption keys, and encrypted service-user passwords.
This flaw enables attackers to gain unauthorized access to critical data, potentially leading to further system compromise.
How can this vulnerability impact me?
Exploiting this vulnerability can allow attackers to access sensitive information including user credentials, database connection details, and encryption keys.
This unauthorized access can lead to further compromise of the affected system, potentially resulting in data breaches, loss of confidentiality, and unauthorized control over internal resources.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows unauthenticated attackers to directly access a sensitive directory and its subdirectories in Pro-Bit versions prior to v1.77.4. To detect if your system is vulnerable, you can attempt to access the sensitive directory paths without authentication.
For example, you can use curl or wget to try to reach the directory without authentication. Here `<pro-bit-server>` stands for your Pro-Bit host and `sensitive-directory` for the exposed directory path, which this page does not name:
- `curl -I http://<pro-bit-server>/sensitive-directory/`
- `wget --spider http://<pro-bit-server>/sensitive-directory/`
If these commands return HTTP 200 OK responses or reveal directory contents without authentication, it indicates the vulnerability is present.
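The same probe as a small script, added here as an example rather than code from the advisory or from Pro-Bit: it requests each path with no credentials, refuses to follow redirects so that a 302 to a login page is not mistaken for an open directory, and reports 200 responses (and recognisable directory listings) as exposed. The `/sensitive-directory/` default is a placeholder, since this page does not name the real directory; pass the actual path(s) on the command line and run it against your own host before and after upgrading to 1.77.4.

```python
import sys
import urllib.error
import urllib.request

# Placeholder: the advisory page does not name the exposed directory, so take the
# real path(s) from the vendor bulletin and pass them on the command line.
DEFAULT_PATHS = ["/sensitive-directory/"]
# Strings typically present in auto-generated directory listings.
LISTING_MARKERS = ("index of", "parent directory", "directory listing")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects: a 302 to a login page must not count as a 200."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

_OPENER = urllib.request.build_opener(_NoRedirect)

def http_fetch(url, timeout=5):
    """GET the URL with no credentials; return (status, first 4 KiB of body)."""
    req = urllib.request.Request(url, headers={"User-Agent": "exposure-check/1.0"})
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:  # 3xx/4xx/5xx all arrive here
        return exc.code, ""

def classify(status, body):
    """Map one unauthenticated response to a verdict."""
    if status == 200:
        listing = any(m in body.lower() for m in LISTING_MARKERS)
        return "exposed-listing" if listing else "exposed"
    if status in (401, 403):
        return "restricted"
    return "inconclusive"  # 404 (wrong path?), redirect to login, 5xx, ...

def check_paths(base_url, paths=DEFAULT_PATHS, fetch=http_fetch):
    """Probe each path without credentials and return {path: verdict}."""
    return {p: classify(*fetch(base_url.rstrip("/") + p)) for p in paths}

def main(argv):
    if len(argv) < 2:
        print(f"usage: {argv[0]} http://<pro-bit-server> [/path/ ...]")
        return 2
    results = check_paths(argv[1], argv[2:] or DEFAULT_PATHS)
    for path, verdict in results.items():
        print(f"{verdict:16} {path}")
    return 1 if any(v.startswith("exposed") for v in results.values()) else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Exit status 1 means at least one path was served without credentials; `restricted` for every path after the upgrade (or after a web-server deny rule) is the expected result.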
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the Pro-Bit application to version 1.77.4 or later, where the issue has been patched.
Until the upgrade can be applied, restrict access to the sensitive directories by implementing network-level controls such as firewall rules or web server access restrictions to prevent unauthenticated access.
Additionally, review and rotate any potentially exposed credentials or encryption keys that might have been compromised due to this vulnerability.