CVE-2025-11195

Rapid7 AppSpider Pro versions below 7.5.021 are affected by a project name validation bypass. The issue arises from insufficient verification of project name uniqueness when editing the configuration file outside the application, allowing an attacker to set a project name to one that already exis...

PT-2025-40014

Name of the Vulnerable Software and Affected Versions Rapid7 AppSpider Pro versions prior to 7.5.021 Description Rapid7 AppSpider Pro versions below 7.5.021 have a project name validation issue. An attacker can modify the project name directly in the configuration file to a name that already exis...

CVE-2025-36857

Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...

PT-2025-39395

Name of the Vulnerable Software and Affected Versions Rapid7 Appspider Pro versions prior to 7.5.021 Description The application has a broken access control issue in how it loads configuration files. Standard users can add custom configuration files, which are loaded alphabetically and can overri...