CVE-2025-69428
Awaiting Analysis Awaiting Analysis - Queue
Unauthorized Directory Access in Pro-Bit Before v

Publication date: 2026-04-27

Last updated on: 2026-04-28

Assigner: MITRE

Description
An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69428
EUVD
EUVD-2025-209579
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pro-bit pro-bit to 1.77.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows unauthenticated attackers to access sensitive directories containing plaintext user credentials, database connection strings, encryption keys, and other critical information. Such exposure of sensitive personal and system data can lead to unauthorized data breaches.

As a result, organizations using affected versions of Pro-Bit may face non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized access.

Executive Summary

CVE-2025-69428 is a critical access control vulnerability in Pro-Bit versions before v1.77.4. It allows unauthenticated attackers to directly access a sensitive directory and its subdirectories without any authentication or authorization.

The exposed directory contains highly sensitive information such as plaintext user credentials with domain accounts, database connection strings, internal host information, encryption methods, encryption keys, and encrypted service-user passwords.

This flaw enables attackers to gain unauthorized access to critical data, potentially leading to further system compromise.

Impact Analysis

Exploiting this vulnerability can allow attackers to access sensitive information including user credentials, database connection details, and encryption keys.

This unauthorized access can lead to further compromise of the affected system, potentially resulting in data breaches, loss of confidentiality, and unauthorized control over internal resources.

Detection Guidance

This vulnerability allows unauthenticated attackers to directly access a sensitive directory and its subdirectories in Pro-Bit versions prior to v1.77.4. To detect if your system is vulnerable, you can attempt to access the sensitive directory paths without authentication.

For example, you can use commands like curl or wget to try accessing known sensitive directories exposed by the vulnerability:

  • curl -I http://<pro-bit-server>/sensitive-directory/
  • wget --spider http://<pro-bit-server>/sensitive-directory/

If these commands return HTTP 200 OK responses or reveal directory contents without authentication, it indicates the vulnerability is present.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the Pro-Bit application to version 1.77.4 or later, where the issue has been patched.

Until the upgrade can be applied, restrict access to the sensitive directories by implementing network-level controls such as firewall rules or web server access restrictions to prevent unauthenticated access.

Additionally, review and rotate any potentially exposed credentials or encryption keys that might have been compromised due to this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69428. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart