Paessler


Products by Paessler Sorted by Most Security Vulnerabilities since 2018

Paessler Prtg Network Monitor: 31 vulnerabilities

Paessler Network Monitor: 3 vulnerabilities

Paessler Prtg: 2 vulnerabilities

Known Exploited Paessler Vulnerabilities

The following Paessler vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: Paessler PRTG Network Monitor Local File Inclusion Vulnerability
Description: Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator).
CVE-2018-19410 Exploit Probability: 93.0%
Added: February 4, 2025

Title: Paessler PRTG Network Monitor OS Command Injection Vulnerability
Description: Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console.
CVE-2018-9276 Exploit Probability: 87.5%
Added: February 4, 2025

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 3 vulnerabilities in Paessler with an average score of 6.0 out of ten. Last year, in 2025, Paessler had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.10.




Year Vulnerabilities Average Score
2026 3 6.00
2025 1 6.10
2024 1 6.10
2023 6 6.22
2022 1 5.30
2021 3 5.00
2020 6 7.40
2019 3 0.00
2018 6 8.42

It may take a day or so for new Paessler vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Paessler Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-67833 Jan 14, 2026
PRTG Network Monitor XSS via tag param before 25.4.114
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter.
Prtg Network Monitor
CVE-2025-67834 Jan 14, 2026
PRTG Network Monitor <=25.4.113 XSS via filter parameter
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the filter parameter.
Prtg Network Monitor
CVE-2025-67835 Jan 14, 2026
PRTG Network Monitor <25.4.114 Authenticated DoS via Notification Contacts
Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated attacker via the Notification Contacts functionality.
Prtg Network Monitor
CVE-2024-12833 Feb 11, 2025
PRTG Network Monitor XSS Auth Bypass via Web Interface
Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. Some user interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the PRTG Network Monitor web interface. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23371.
Prtg Network Monitor
CVE-2023-51630 Feb 08, 2024
CVE-2023-51630 PRTG Monitor XSS Auth Bypass
Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the web console. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21182.
Prtg Network Monitor
CVE-2023-31448 Aug 09, 2023
Path Traversal in PRTG HL7 Sensor before 23.2.84.1566
A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
Prtg Network Monitor
CVE-2023-31450 Aug 09, 2023
PRTG 23.2.84.1566 & <23.2.84.1566: Insecure Path Traversal in SQL v2 Sensors
A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
Prtg Network Monitor
CVE-2023-31449 Aug 09, 2023
PRTG WMI Custom Sensor Path Traversal v23.2.84.1566
A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
Prtg Network Monitor
CVE-2023-32781 Aug 09, 2023
PRTG HL7 Sensor Command Injection before 23.2.84.1566
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Prtg Network Monitor
CVE-2023-31452 Aug 09, 2023
PRTG CSRF token bypass pre-23.2.84.1566; remote privilege escalation
A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Prtg Network Monitor
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).