CVE-2023-25168

moderate-risk
Published 2023-02-09

Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue.

Do I need to act?

-
0.78% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.6/10 Critical
NETWORK / LOW complexity

Affected Products (5)

Wings
Wings
Wings
Wings
Wings

Affected Vendors

Pterodactyl

References (6)

Patch https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25...
Vendor Advisory https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63
Vendor Advisory https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
Patch https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25...
Vendor Advisory https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63
Vendor Advisory https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 12/34 · Low