Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-32440

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14.

Published

2025-05-27T22:15:21.980

Last Modified

2025-07-11T18:58:26.233

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 10.0 (CRITICAL)

Weaknesses

Type: Secondary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	netalertx	netalertx	< 25.4.14	Yes

References

https://github.com/jokob-sk/NetAlertX/releases/tag/v25.4.14 Release Notes ([email protected])
https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx Vendor Advisory ([email protected])
https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx Vendor Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)