Vulnerability Details : CVE-2023-25168
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue.
Products affected by CVE-2023-25168
- cpe:2.3:a:pterodactyl:wings:*:*:*:*:*:*:*:*
- cpe:2.3:a:pterodactyl:wings:1.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:pterodactyl:wings:1.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:pterodactyl:wings:1.11.0:-:*:*:*:*:*:*
- cpe:2.3:a:pterodactyl:wings:1.11.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-25168
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-25168
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.2
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H |
1.8
|
5.8
|
NIST | |
9.6
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H |
3.1
|
5.8
|
GitHub, Inc. |
CWE ids for CVE-2023-25168
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
References for CVE-2023-25168
-
https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63
Improper Link Resolution allowing the deletion of files and directories on the host system · Advisory · pterodactyl/wings · GitHubVendor Advisory
-
https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
UNIX Symbolic Link (Symlink) Following allowing the creation of files and directory structures on the host system · Advisory · pterodactyl/wings · GitHubVendor Advisory
-
https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d
server(filesystem): Delete tweaks · pterodactyl/wings@429ac62 · GitHubPatch;Vendor Advisory
Jump to