White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)

Medium
Published: Wed Jul 16 2025 (07/16/2025, 00:00:00 UTC)
Source: Exploit-DB RSS Feed

Description

White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)

AI-Powered Analysis

Last updated: 08/11/2025, 01:21:25 UTC

Technical Analysis

White Star Software Protop version 4.4.2-2024-11-27 is affected by a Local File Inclusion (LFI) vulnerability tracked as CVE-2025-44177. The flaw stems from improper input validation in the `/pt3upd/` web endpoint: an unauthenticated remote attacker can submit URL-encoded directory traversal sequences and read arbitrary files from the server's filesystem. The exploit consists of crafted HTTP GET requests carrying encoded traversal patterns such as '..%2f..%2f..%2f..%2fetc%2fpasswd' to retrieve sensitive files like `/etc/passwd`. The vulnerability is classified under CWE-22 (Path Traversal) and was confirmed on a public instance running Ubuntu 22.04. No authentication or user interaction is required, so the issue is exploitable over the network. The disclosed CVSS v3.1 base score is 8.2 (high severity); however, the feed data records no CVSS score, so a severity assessment is included below. The vendor was notified promptly and has issued a patch to remediate the issue. Public exploit code is available in plain text, which raises the likelihood of exploitation by malicious actors. Disclosed configuration files and credentials could enable further compromise, such as privilege escalation or lateral movement within affected networks.

Potential Impact

For European organizations running White Star Software Protop 4.4.2, this LFI vulnerability poses a significant risk to confidentiality and integrity. Successful exploitation can disclose sensitive internal files, including system configuration and credential files, which can be leveraged for further attacks. The consequences include data breaches, regulatory non-compliance (notably GDPR violations), reputational damage, and operational disruption. Because the exploit is unauthenticated and remote, any exposed instance is an easy target. Organizations in sectors with critical infrastructure or sensitive data, such as finance, healthcare, and government, are particularly exposed. The vulnerability could also serve as a foothold for advanced persistent threats pursuing privilege escalation or lateral movement within networks. Although no exploitation in the wild has been observed so far, the public availability of exploit code heightens the likelihood of imminent exploitation attempts.

Mitigation Recommendations

European organizations should immediately verify if they are running the affected version (4.4.2-2024-11-27) of White Star Software Protop and apply the vendor-provided patch without delay. If immediate patching is not feasible, implement strict Web Application Firewall (WAF) rules to detect and block URL-encoded directory traversal patterns targeting the `/pt3upd/` endpoint. Conduct comprehensive input validation and sanitization on all user-supplied parameters to prevent directory traversal attacks. Restrict access to the vulnerable endpoint to trusted internal networks or via VPN where possible. Enhance monitoring and logging to detect suspicious access patterns indicative of LFI attempts, and establish alerting mechanisms for such events. Regularly audit and harden server file permissions to minimize exposure of sensitive files. Finally, perform penetration testing and vulnerability scanning to confirm remediation and identify any similar vulnerabilities in other endpoints.
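The log-based detection the recommendations above call for, as an added example that is not part of this page or of the Protop product: it parses constructed Apache-style access-log lines (the IPs and lines are made up; the first traversal string is the one the analysis quotes), percent-decodes each request path until it stops changing so that double encoding such as %252e cannot slip past a single-pass matcher, normalizes the result with posixpath, and alerts only when the resolved path leaves `/pt3upd/`, so a harmless `sub/../file` under the endpoint does not trigger.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed access-log lines for illustration (not from the advisory or the
# exploit); the first traversal string is the one the analysis quotes.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Jul/2025:10:01:02 +0000] "GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1873
203.0.113.5 - - [16/Jul/2025:10:01:05 +0000] "GET /pt3upd/%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 200 221
198.51.100.9 - - [16/Jul/2025:10:02:11 +0000] "GET /pt3upd/update.json HTTP/1.1" 200 512
198.51.100.9 - - [16/Jul/2025:10:02:30 +0000] "GET /pt3upd/sub/../notes.txt HTTP/1.1" 200 90
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def fully_decode(s, max_rounds=3):
    """Percent-decode until the string stops changing, so double encoding
    (%252e -> %2e -> .) cannot hide a traversal from a single-pass matcher."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def resolve_request(target, prefix="/pt3upd/"):
    """Return (decoded_path, resolved_path, escapes) for a request-line target.
    escapes is True when the normalized path no longer lies under `prefix`."""
    decoded = fully_decode(target.split("?", 1)[0])
    if not decoded.startswith(prefix):
        return decoded, decoded, False
    resolved = posixpath.normpath(decoded)  # collapses '..' segments
    return decoded, resolved, not resolved.startswith(prefix)

def scan_log(text):
    """Return one alert dict per request whose resolved path leaves /pt3upd/."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded, resolved, escapes = resolve_request(m["target"])
        if escapes:
            alerts.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"],
                           "decoded": decoded, "resolved": resolved})
    return alerts
```

Feed real access logs to `scan_log` and forward the returned alerts to your SIEM; the `resolved` field tells the responder which file was actually requested.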

Technical Details

Edb Id: 52367
Has Exploit Code: true
Code Language: text

Exploit Source Code

# Exploit Title: White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
# Date: 2025-07-09
# Exploit Author: Imraan Khan (Lich-Sec)
# Vendor Homepage: https://wss.com/
# Software Link: https://client.protop.co.za/
# Version: v4.4.2-2024-11-27
# Tested on: Ubuntu 22.04 / Linux
# CVE: CVE-2025-44177
# CWE: CWE-22 - Path Traversal

# Description:
# A Local File Inclusion vulnerability exists in White Star Software Protop v4.4.2.
# An unauthenticated remote attacker can retrieve ar
... (664 more characters)
Code Length: 1,164 characters

Threat ID: 687816daa83201eaacdebc79

Added to database: 7/16/2025, 9:17:14 PM

Last enriched: 8/11/2025, 1:21:25 AM

Last updated: 8/18/2025, 1:40:06 AM
