Description

Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom configuration files. These files, which are loaded in alphabetical order, can override or change the settings of the original configuration files, creating a security vulnerability. This issue stems from improper directory access management. This vulnerability was remediated in version 7.5.021 of the product.

INFO

Published Date :

2025-09-25T14:41:35.939Z

Last Modified :

2025-09-25T16:03:45.231Z

Source :

rapid7
AFFECTED PRODUCTS

The following products are affected by CVE-2025-36857 vulnerability.

Vendors Products
Rapid7
  • Appspider Pro
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-36857.

URL Resource
https://docs.rapid7.com/insight/releasenotes-2025sep/#application-security-insightappsec-and-appspider cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact