CVE-2025-36857
CVE-2025-36857 — Rapid7 Appspider Pro versions prior to 7.5.021 suffer a broken access control in the configuration file loading mechanism. The issue allows a standard user to place custom configuration files in other users’ or projects’ directories, and since files are loaded in alphabetical ord...