An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.
The flaw lies in the incorrect implementation of access control mechanisms in the Application Server component of the PingAlert product. An attacker can remotely, over the network, invoke operations or resources reserved for privileged users without authentication. The CVSS vector indicates the absence of any prerequisites (AC:L, PR:N, UI:N) and a change in the scope of impact beyond the attacked component (S:C), suggesting the possibility of taking control of system resources beyond the direct reach of the application server.
An attacker can gain unauthorized, high-level privileges in the system, leading to complete breach of data confidentiality and integrity, as well as partial disruption of service availability.
Apply patches available from the vendor according to the references (https://desktopalert.net/cve-2025-54339/). Until the update is deployed, it is recommended to isolate the PingAlert application server from unauthorized networks and restrict access to it only from trusted IP addresses using a firewall or network rules.
Desktop Alert PingAlert Application Server in versions 6.1.0.11 through 6.1.1.2 inclusive.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:LDesktopalert Pingalert Application Server
APPDesktopalert6.1.0.11 – 6.1.1.4 (bez)
Related vulnerabilities
Path Traversal w Desktop Alert PingAlert — zapis dowolnych plików
Nieprawidłowa kontrola dostępu w Desktop Alert PingAlert — privilege escalation
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert versi...
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert versi...
A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert Ping...