Rapid7 AppSpider Project Name Validation Bypass_CVE-2025-11195

3.3 / 10

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project names when editing them outside the application in affected versions. This vulnerability was remediated in version 7.5.021 of the product.

Basic Information

ID CVE-2025-11195

Source rapid7

Published Sep 30, 2025 at 18:12

Affected Product

Vendor Rapid7

Product AppSpider Pro

Affected Versions Rapid7 AppSpider Pro 0

CWE Classification

CWE-20 CWE-345

References

docs.rapid7.com /insight/releasenotes-2025sep/

{
    "lastseen": "",
    "description": "Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project names when editing them outside the application in affected versions. This vulnerability was remediated in version 7.5.021 of the product.",
    "published": "2025-09-30T18:12:50.204Z",
    "modified": "2025-09-30T18:12:50.204Z",
    "type": "cve",
    "title": "Rapid7 AppSpider Project Name Validation Bypass",
    "source": "rapid7",
    "references": "https://docs.rapid7.com/insight/releasenotes-2025sep/#application-security-insightappsec-and-appspider",
    "id": "CVE-2025-11195",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20",
        "CWE-345"
    ],
    "cvelist": null,
    "sourceData": "Rapid7 AppSpider Pro 0",
    "sourceHref": "",
    "cvss": {
        "score": 3.3,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AppSpider Pro",
    "version": "0",
    "vendor": "Rapid7",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}