Desktop Alert

About Security Advisories

Security advisories are official notifications about vulnerabilities and security-related issues in Desktop Alert products. They provide details on the problem, its potential impact, and recommendations for mitigation, such as patches or updates.

Security Advisory 2025-10-25
This advisory addresses several vulnerabilities in the Web Application and Desktop Client of affected versions of Desktop Alert (PingAlert). Desktop Alert is not aware of any exploitation of these vulnerabilities.

Desktop Alert has investigated all reports of security vulnerabilities affecting supported products and services. This security advisory has been issued following the completion of a thorough investigation and a software update has been released to address these vulnerabilities. Installing the recommended update in this advisory will help maintain the security of your Desktop Alert product.

Security Bulletin Product CVE ID Publish Date
Arbitrary File Write via Directory Traversal PingAlert Application Server CVE-2025-54347 2025-10-25
Backdoor Authentication Logic in Login Functionality PingAlert Application Server CVE-2025-54339 2025-10-25
SQL Injection PingAlert Application Server CVE-2025-54344 2025-10-25
Broken Authentication PingAlert Application Server CVE-2025-54343 2025-10-25
Hard-coded Credentials and Cryptographic Keys PingAlert Application Server CVE-2025-54341 2025-10-25
Reflected Cross-site Scripting PingAlert Application Server CVE-2025-54346 2025-10-25
Disclosure of User Hashes PingAlert Application Server CVE-2025-54338 2025-10-25
Use of Insecure Hashing Algorithm PingAlert Application Server CVE-2025-54340 2025-10-25
Username Enumeration PingAlert Application Server CVE-2025-54563 2025-10-25
Stored Cross-site Scripting PingAlert Application Serve CVE-2025-54348 2025-10-25
Broken Authorization Schema PingAlert Application Server CVE-2025-54561 2025-10-25
Technical Information Disclosed Through Stack Trace PingAlert Application Server CVE-2025-54562 2025-10-25
Incorrect Path Resolution For Custom Logo Upload Feature PingAlert Application Server CVE-2025-54559 2025-10-25
Password Stored in Clear Text PingAlert Application Server CVE-2025-54342 2025-10-25
Exposure of Credentials via Residual Development Configuration File PingAlert Application Server CVE-2025-54345 2025-10-25
Server-side Request Forgery PingAlert Application Server CVE-2025-54560 2025-10-25
Desktop Alert