CVE-2025-36857 in Appspider Pro
Summary
by MITRE • 09/25/2025
Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom configuration files. These files, which are loaded in alphabetical order, can override or change the settings of the original configuration files, creating a security vulnerability. This issue stems from improper directory access management.
This vulnerability was remediated in version 7.5.021 of the product.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 09/25/2025
The vulnerability identified as CVE-2025-36857 represents a critical broken access control flaw within Rapid7 AppSpider Pro versions prior to 7.5.021. This weakness specifically targets the application's configuration file handling mechanism, creating a scenario where unauthorized file placement can occur across user and project directories. The vulnerability stems from inadequate directory access controls that fail to properly validate user permissions when processing configuration files, allowing standard users to inject custom configuration files into the system. The flaw manifests through the application's alphabetical file loading process, where attacker-controlled files can be positioned to execute before or alongside legitimate configuration files, effectively hijacking the application's behavior and settings.
The technical implementation of this vulnerability exploits the application's failure to enforce proper access controls during configuration file processing. When standard users can add custom configuration files, they gain the ability to manipulate the application's operational parameters through the alphabetical loading sequence. This creates a privilege escalation vector where a low-privilege user can potentially override critical system settings, modify authentication parameters, or alter security configurations that should only be accessible to administrators. The vulnerability demonstrates a classic lack of input validation and access control enforcement, aligning with CWE-284 which addresses improper access control issues. The flaw is particularly concerning because it allows for configuration-based attacks that can persist across application sessions and potentially compromise the entire security posture of the scanning environment.
The operational impact of CVE-2025-36857 extends beyond simple configuration manipulation, as it can enable attackers to establish persistent access points within the application's security framework. An attacker who successfully places malicious configuration files can effectively alter how the application scans targets, potentially bypassing security controls or creating false positives that could be used to mask actual vulnerabilities. This vulnerability affects the integrity of the application's configuration management system and can lead to unauthorized changes in scanning parameters, credential handling, or reporting mechanisms. The remediation in version 7.5.021 addresses the core issue by implementing proper directory access controls and ensuring that configuration file loading respects user permissions and project boundaries. This fix aligns with ATT&CK technique T1546.003 which covers changes to system level configuration files, and represents a fundamental improvement in the application's privilege management and file access controls.
The remediation approach taken by Rapid7 in version 7.5.021 demonstrates proper vulnerability handling through the implementation of enhanced access control mechanisms. The fix ensures that configuration file loading processes properly validate user permissions and enforce directory boundaries, preventing unauthorized file placement across user projects. This addresses the root cause of the vulnerability by establishing proper access control checks before allowing configuration file processing. The solution likely includes mandatory access control validation, proper user authentication verification, and enforcement of project-specific directory permissions. Organizations should prioritize upgrading to version 7.5.021 or later to mitigate this vulnerability, as the configuration file manipulation capability could be leveraged for more sophisticated attacks including credential theft, bypassing security controls, or creating backdoor access points within the application's scanning infrastructure. The vulnerability serves as a reminder of the critical importance of proper access control implementation in security tools where configuration management directly impacts the tool's security effectiveness and integrity.