QwikSec

Security Database

CVE

CWE

Training

CVE-2026-25069

Published: Jan 31, 2026

Modified: Feb 2, 2026

PUBLISHED

Description

SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can disclose sensitive information and delete critical system files, resulting in data loss and potential system compromise or denial of service.

Vendor	Product	Versions
SunFounder	Pironman Dashboard (pm_dashboard)	affected `0 - <= 1.3.13`

Weaknesses (CWE)

References

https://github.com/sunfounder/pm_dashboard

product

https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L62

issue-tracking

https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L440

issue-tracking

https://www.vulncheck.com/advisories/sunfounder-pironman-dashboard-path-traversal-arbitrary-file-read-deletion

third-party-advisory

https://gist.github.com/chapochapo/5db8702ede862af5c59a28b5d5a0aba3

technical-description

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.