{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-69428", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-28T15:45:31.512Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-04-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-27T18:57:04.299Z"}, "descriptions": [{"lang": "en", "value": "An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/jasetpen/CVE-2025-69428"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-552", "lang": "en", "description": "CWE-552 Files or Directories Accessible to External Parties"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T14:51:11.277547Z", "id": "CVE-2025-69428", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T15:45:31.512Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/jasetpen/CVE-2025-69428"}], "descriptions": [{"lang": "en", "value": "An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-27T18:57:04.299Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-69428", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-28T14:51:11.277547Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties"}]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-28T14:52:26.902Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-69428", "state": "PUBLISHED", "dateUpdated": "2026-04-27T18:57:04.299Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-27T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories."}], "id": "CVE-2025-69428", "lastModified": "2026-04-28T16:16:06.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-27T19:16:46.850", "references": [{"source": "cve@mitre.org", "url": "https://github.com/jasetpen/CVE-2025-69428"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.77.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "pro-bit", "vendor": "pro-bit"}], "analysis": {"en": {"generated_at": "2026-04-29T01:36:18.813332+00:00", "value": {"mitigation_remediation": ["Upgrade Pro-Bit to version 1.77.4 or later", "Disable directory listing and enforce authentication for the sensitive directory via web server configuration (e.g., add an access control rule or .htaccess file)", "Move the sensitive directory outside the web document root or otherwise restrict its visibility to the application only", "Perform a security audit to identify and remediate any other unprotected directories"], "summary": {"action": "Apply Patch", "impact": "Unauthorized data exposure through unprotected directory access"}, "threat_synthesis": {"affected_systems": "The issue affects the Pro-Bit application versions before 1.77.4. Users running any edition of the software prior to that release are potentially impacted. The CVE description does not specify vendor or product sub-categories beyond the generic Pro-Bit identifier, and no further version details are provided.", "description_and_impact": "This vulnerability permits attackers to read the contents of a sensitive directory and all its subdirectories without requiring any authentication, as stated in the description. Based on the description, it is inferred that the application does not enforce access controls for that directory, allowing attackers to retrieve files that may contain confidential information. Consequently, the confidentiality of the data stored in that directory is compromised while its integrity and availability remain unaffected.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high level of risk, and the lack of authentication requirements is explicitly stated in the CVE description. Based on the description, the presence of an exposed directory suggests that exploitation could occur in the real world, despite the EPSS score being < 1%. The likely attack vector appears to be direct access to the exposed URL path, which may be available over the network or locally, as no privilege escalation is required. The vulnerability is not listed in CISA\u2019s KEV catalog, meaning no catalogued exploits are known, but this does not lower its potential impact."}}}}, "created": "2026-04-28T09:17:36.579757+00:00", "title": "Unauthenticated Directory Exposure in Pro-Bit Prior to v1.77.4", "updated": "2026-04-29T01:45:26.019233+00:00", "vendors": ["pro-bit", "pro-bit$PRODUCT$pro-bit"]}