CRITICAL🇵🇱 Wersja polska

CVE-2025-54339

CVSS 10.0v3.1pub. 2025-11-14upd. 2025-11-19

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.

🤖 AI Analysis
How it works

The flaw lies in the incorrect implementation of access control mechanisms in the Application Server component of the PingAlert product. An attacker can remotely, over the network, invoke operations or resources reserved for privileged users without authentication. The CVSS vector indicates the absence of any prerequisites (AC:L, PR:N, UI:N) and a change in the scope of impact beyond the attacked component (S:C), suggesting the possibility of taking control of system resources beyond the direct reach of the application server.

Impact

An attacker can gain unauthorized, high-level privileges in the system, leading to complete breach of data confidentiality and integrity, as well as partial disruption of service availability.

Mitigation & patch

Apply patches available from the vendor according to the references (https://desktopalert.net/cve-2025-54339/). Until the update is deployed, it is recommended to isolate the PingAlert application server from unauthorized networks and restrict access to it only from trusted IP addresses using a firewall or network rules.

Who is affected

Desktop Alert PingAlert Application Server in versions 6.1.0.11 through 6.1.1.2 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
  • Desktopalert Pingalert Application Server

    APP
    Desktopalert
    6.1.0.11 – 6.1.1.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-54347CRITICAL9.9PL ✓ten sam produkt

Path Traversal w Desktop Alert PingAlert — zapis dowolnych plików

CVE-2025-54343CRITICAL9.6PL ✓ten sam produkt

Nieprawidłowa kontrola dostępu w Desktop Alert PingAlert — privilege escalation

CVE-2025-54563HIGH7.5ten sam produkt

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert versi...

CVE-2025-54338HIGH7.5ten sam produkt

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert versi...

CVE-2025-54346HIGH7.6ten sam produkt

A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert Ping...