This page lists publicly disclosed CVE vulnerabilities affecting rapid7 appspider_pro (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-11195 | Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project names when editing them outside the application in affected versions. This vulnerability was remediated in version 7.5.021 of the product. | [email protected] | 3.3 | 0.01% | 2025-09-30 | 2025-10-08 |
| CVE-2025-36857 | Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom configuration files. These files, which are loaded in alphabetical order, can override or change the settings of the original configuration files, creating a security vulnerability. This issue stems from | [email protected] | 3.3 | 0.01% | 2025-09-25 | 2025-12-11 |
| CVE-2025-4951 | Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration file directly. This is fixed as of version 7.5.018 | [email protected] | 4.6 | 0.07% | 2025-05-20 | 2025-12-11 |
| CVE-2017-5240 | Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash. | [email protected] | 7.5 | 0.39% | 2017-05-03 | 2026-05-13 |
| CVE-2017-5236 | Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | [email protected] | 7.8 | 0.26% | 2017-05-03 | 2026-05-13 |
| CVE-2017-5233 | Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | [email protected] | 7.8 | 0.19% | 2017-03-02 | 2026-05-13 |