CVE-2025-32440: NetAlertX Vulnerable to Authentication Bypass

10.0 CVSS

Description

NetAlertX is a network presence scanner and alert framework. Prior to version 25.4.14, the authentication mechanism of NetAlertX could be bypassed to update settings without authenticating. An unauthenticated attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14; any network-reachable instance running an earlier version should be treated as exposed until upgraded.

Classification

CVE ID: CVE-2025-32440

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem Types

CWE-306: Missing Authentication for Critical Function

Affected Products

Vendor: jokob-sk

Product: NetAlertX

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (estimated probability of exploitation in the wild within the next 30 days)

EPSS Percentile: 23.62% (share of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-06 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-32440
https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx
https://github.com/jokob-sk/NetAlertX/releases/tag/v25.4.14

Timeline