PNETLab RCE - CVE-2025-40629
Product: PNETLab
Affected Version: 4.2.10
Severity: High
Vulnerability Details
Description: A path traversal vulnerability has been identified in PNETLab version 4.2.10. The application fails to properly sanitize user input in its file access mechanisms. This allows an attacker to manipulate file paths in HTTP requests to access sensitive files outside of the intended directory.
Impact: Exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive files on the system, potentially leading to data breaches and system compromise.
Steps to Reproduce:
1. Identify a vulnerable PNETLab instance.
2. Craft a malicious HTTP request with a manipulated file path.
3. Send the request to the server to access files outside the authorized directory.
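Detection: requests of the kind described above leave a ".." path segment in the request target, sometimes hidden behind one or more layers of URL encoding. The script below is an added example, not part of the original advisory or of PNETLab's code; it scans web access log lines for such requests. The combined log format, the paths and the parameter names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." segment that starts a path component and is followed by / or \ (or ends the target)
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\]|$)')
MAX_DECODE_ROUNDS = 3  # enough to unwrap double encoding such as %252e%252e


def fully_decode(target: str) -> str:
    """Percent-decode repeatedly until the string stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_traversal_requests(log_lines):
    """Return (client_ip, raw_target) for each request whose decoded target has a '..' segment."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        raw = match.group("target")
        if TRAVERSAL_RE.search(fully_decode(raw)):
            hits.append((line.split(" ", 1)[0], raw))
    return hits


# Constructed sample lines. "/files" and "name" are placeholders, not real PNETLab endpoints.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2025:10:00:05 +0000] "GET /files?name=../../outside.txt HTTP/1.1" 200 184',
    '192.0.2.66 - - [01/Jan/2025:10:00:07 +0000] "GET /files?name=%2e%2e%2f%2e%2e%2foutside.txt HTTP/1.1" 200 184',
    '192.0.2.66 - - [01/Jan/2025:10:00:09 +0000] "GET /files?name=%252e%252e%252foutside.txt HTTP/1.1" 200 184',
    '192.0.2.11 - - [01/Jan/2025:10:00:12 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, target in find_traversal_requests(SAMPLE_LOG):
        print(f"possible path traversal from {ip}: {target}")
```

A hit with a 200 status deserves a closer look than one answered with 403 or 404, since it suggests the file was actually served.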
Reference:
CVE-2025-40629
INCIBE-2025-0246


