About Security Advisories
Security advisories are official notifications about vulnerabilities and security-related issues in Desktop Alert products. They provide details on the problem, its potential impact, and recommendations for mitigation, such as patches or updates.
Security Advisory 2025-10-25
This advisory addresses several vulnerabilities in the Web Application and Desktop Client of affected versions of Desktop Alert (PingAlert). Desktop Alert is not aware of any exploitation of these vulnerabilities.
Desktop Alert has investigated all reports of security vulnerabilities affecting supported products and services. This security advisory has been issued following the completion of a thorough investigation, and a software update has been released to address these vulnerabilities. Installing the update recommended in this advisory will help maintain the security of your Desktop Alert product.
| Security Bulletin | Product | CVE ID | Publish Date |
| --- | --- | --- | --- |
| Arbitrary File Write via Directory Traversal | PingAlert Application Server | CVE-2025-54347 | 2025-10-25 |
| Backdoor Authentication Logic in Login Functionality | PingAlert Application Server | CVE-2025-54339 | 2025-10-25 |
| SQL Injection | PingAlert Application Server | CVE-2025-54344 | 2025-10-25 |
| Broken Authentication | PingAlert Application Server | CVE-2025-54343 | 2025-10-25 |
| Hard-coded Credentials and Cryptographic Keys | PingAlert Application Server | CVE-2025-54341 | 2025-10-25 |
| Reflected Cross-site Scripting | PingAlert Application Server | CVE-2025-54346 | 2025-10-25 |
| Disclosure of User Hashes | PingAlert Application Server | CVE-2025-54338 | 2025-10-25 |
| Use of Insecure Hashing Algorithm | PingAlert Application Server | CVE-2025-54340 | 2025-10-25 |
| Username Enumeration | PingAlert Application Server | CVE-2025-54563 | 2025-10-25 |
| Stored Cross-site Scripting | PingAlert Application Server | CVE-2025-54348 | 2025-10-25 |
| Broken Authorization Schema | PingAlert Application Server | CVE-2025-54561 | 2025-10-25 |
| Technical Information Disclosed Through Stack Trace | PingAlert Application Server | CVE-2025-54562 | 2025-10-25 |
| Incorrect Path Resolution For Custom Logo Upload Feature | PingAlert Application Server | CVE-2025-54559 | 2025-10-25 |
| Password Stored in Clear Text | PingAlert Application Server | CVE-2025-54342 | 2025-10-25 |
| Exposure of Credentials via Residual Development Configuration File | PingAlert Application Server | CVE-2025-54345 | 2025-10-25 |
| Server-side Request Forgery | PingAlert Application Server | CVE-2025-54560 | 2025-10-25 |
