Rapid7 Appspider Pro
cpe:2.3:a:rapid7:appspider_pro:*:*:*:*:*:*:*
- < 7.5.021
A broken access control vulnerability has been identified in Rapid7 Appspider Pro versions prior to 7.5.021. The issue lies in the application's configuration file loading mechanism: standard users can place custom configuration files in directories belonging to other users or projects. Because configuration files are loaded in alphabetical order, such a custom file can override the original configuration settings. The root cause is improper control of directory access.
Exploitation of this vulnerability allows standard users to manipulate configuration files in a way that could override critical application settings, potentially leading to unauthorized changes in application behavior or security posture.
Users can upgrade to Rapid7 Appspider Pro version 7.5.021 or later to address this vulnerability.
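The advisory describes two ingredients: a loader that merges every configuration file in a directory in alphabetical order (so the file that sorts last wins), and a directory that other users can write into. The following Python is an added example, not Rapid7's code, and it assumes nothing about AppSpider's actual file format or paths: it models the alphabetical-override behaviour in `merge_in_order`, and shows the kind of ownership and permission gate (`is_trusted_path`, `trusted_config_files`) a loader can apply so that a file dropped by another user, or a directory writable by others, is refused rather than merged. The `.ini` layout and the `[scan]` section are constructed for the demo.

```python
"""Layered config loading: alphabetical override, plus an ownership and
permission gate before a file is trusted. Added example; not Rapid7's code."""
import os
import stat
import configparser
import tempfile
from pathlib import Path


def merge_in_order(layers):
    """Merge (filename, {section: {key: value}}) layers in sorted filename
    order. A later file silently overrides an earlier one, which is the
    behaviour the advisory describes: whoever can drop the last-sorting
    file controls the effective settings."""
    merged = {}
    for _, settings in sorted(layers, key=lambda item: item[0]):
        for section, values in settings.items():
            merged.setdefault(section, {}).update(values)
    return merged


def is_trusted_path(path, owner_uid):
    """True only if path is owned by owner_uid and writable by nobody else.
    Symlinks are rejected outright rather than followed."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    if stat.S_ISLNK(st.st_mode):
        return False
    if st.st_uid != owner_uid:
        return False
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False
    return True


def trusted_config_files(config_dir, owner_uid, suffix=".ini"):
    """Return (accepted paths sorted alphabetically, rejected names).
    The directory itself must pass the gate too; otherwise another user
    could add or rename files to change the load order."""
    config_dir = Path(config_dir)
    if not (config_dir.is_dir() and is_trusted_path(config_dir, owner_uid)):
        return [], [f"{config_dir.name}: untrusted directory"]
    accepted, rejected = [], []
    for p in sorted(config_dir.iterdir()):
        if p.suffix != suffix:
            continue
        if is_trusted_path(p, owner_uid):
            accepted.append(p)
        else:
            rejected.append(p.name)
    return accepted, rejected


def load_config(config_dir, owner_uid):
    """Parse only the trusted files, in alphabetical order, into a dict."""
    accepted, rejected = trusted_config_files(config_dir, owner_uid)
    layers = []
    for p in accepted:
        cp = configparser.ConfigParser()
        cp.read(p)
        layers.append((p.name, {s: dict(cp[s]) for s in cp.sections()}))
    return merge_in_order(layers), rejected


def demo(foreign_owner=False):
    """Build a constructed config directory (hypothetical layout) and run
    the gated loader. With foreign_owner=True the expected owner is a uid
    other than ours, so the whole directory is refused."""
    d = Path(tempfile.mkdtemp())  # mode 0700, owned by the current user
    (d / "00-base.ini").write_text("[scan]\nmax_depth = 5\nauth = required\n")
    (d / "zz-override.ini").write_text("[scan]\nauth = none\n")
    os.chmod(d / "00-base.ini", 0o600)
    os.chmod(d / "zz-override.ini", 0o666)  # writable by others: must be rejected
    expected_uid = os.getuid() + 1 if foreign_owner else os.getuid()
    return load_config(d, expected_uid)


if __name__ == "__main__":
    merged, rejected = demo()
    print("merged:", merged)      # auth stays "required"
    print("rejected:", rejected)  # ['zz-override.ini']
```

Without the gate, `merge_in_order` alone would let `zz-override.ini` flip `auth` to `none` simply because its name sorts after `00-base.ini`; with the gate, the loader records the file as rejected and the original setting survives. Checking the directory as well as the files matters: a trusted file inside an untrusted directory is still controllable by whoever can rename or replace it.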