Description
An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories.
Published: 2026-04-27
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized data exposure through unprotected directory access
Action: Apply Patch
AI Analysis

Impact

This vulnerability permits attackers to read the contents of a sensitive directory and all its subdirectories without requiring any authentication, as stated in the description. Based on the description, it is inferred that the application does not enforce access controls for that directory, allowing attackers to retrieve files that may contain confidential information. Consequently, the confidentiality of the data stored in that directory is compromised while its integrity and availability remain unaffected.

Affected Systems

The issue affects the Pro-Bit application versions before 1.77.4. Users running any edition of the software prior to that release are potentially impacted. The CVE description does not specify vendor or product sub-categories beyond the generic Pro-Bit identifier, and no further version details are provided.

Risk and Exploitability

The CVSS score of 7.5 indicates a high level of risk, and the lack of authentication requirements is explicitly stated in the CVE description. Based on the description, the presence of an exposed directory suggests that exploitation could occur in the real world, despite the EPSS score being < 1%. The likely attack vector appears to be direct access to the exposed URL path, which may be available over the network or locally, as no privilege escalation is required. The vulnerability is not listed in CISA’s KEV catalog, meaning no catalogued exploits are known, but this does not lower its potential impact.

Generated by OpenCVE AI on April 29, 2026 at 01:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Pro-Bit to version 1.77.4 or later
  • Disable directory listing and enforce authentication for the sensitive directory via web server configuration (e.g., add an access control rule or .htaccess file)
  • Move the sensitive directory outside the web document root or otherwise restrict its visibility to the application only
  • Perform a security audit to identify and remediate any other unprotected directories

Generated by OpenCVE AI on April 29, 2026 at 01:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://github.com/jasetpen/CVE-2025-69428 cve-icon cve-icon
History

Wed, 29 Apr 2026 02:00:00 +0000

Type Values Removed Values Added
Title Unauthenticated Directory Exposure in Pro-Bit Prior to v1.77.4

Tue, 28 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-552
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Pro-bit
Pro-bit pro-bit
Vendors & Products Pro-bit
Pro-bit pro-bit

Mon, 27 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Description An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories.
References

Subscriptions

Pro-bit Pro-bit
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-28T15:45:31.512Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69428

cve-icon Vulnrichment

Updated: 2026-04-28T14:52:26.902Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-27T19:16:46.850

Modified: 2026-04-28T16:16:06.093

Link: CVE-2025-69428

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T01:45:26Z

Weaknesses
  • CWE-552

    Files or Directories Accessible to External Parties