StarNet FastX Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in StarNet FastX versions 4.0.0 through 4.1.51. This vulnerability allows unauthenticated attackers to read arbitrary files on the server. Exploiting this issue could lead to access to the application's configuration file, which contains the secret key for signing JSON Web Tokens (JWTs). With this key, an attacker could forge valid JWTs, impersonate any user, and execute remote code via authenticated endpoints.

Impact

Successful exploitation allows for arbitrary file reading, with potential access to sensitive information such as the application's JWT signing key, leading to forged JWTs and remote code execution via authenticated endpoints.

Added: Oct 14, 2025, 8:16 PM
Updated: Oct 14, 2025, 8:16 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 7.4
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.