Rapid7 Appspider Pro
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Rapid7 Appspider Pro.
By the Year
In 2026 there have been 0 vulnerabilities in Rapid7 Appspider Pro. Last year, in 2025 Appspider Pro had 2 security vulnerabilities published. Right now, Appspider Pro is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 3.30 |
It may take a day or so for new Appspider Pro vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Rapid7 Appspider Pro Security Vulnerabilities
Rapid7 AppSpider Pro < 7.5.021 Project Name Validation Vulnerability
CVE-2025-11195
3.3 - Low
- September 30, 2025
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project names when editing them outside the application in affected versions. This vulnerability was remediated in version 7.5.021 of the product.
Improper Input Validation
Rapid7 Appspider Pro <7.5.021 Broken Access Control in Config Load
CVE-2025-36857
3.3 - Low
- September 25, 2025
Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom configuration files. These files, which are loaded in alphabetical order, can override or change the settings of the original configuration files, creating a security vulnerability. This issue stems from improper directory access management. This vulnerability was remediated in version 7.5.021 of the product.
Incorrect Default Permissions
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability
CVE-2017-5236
- May 03, 2017
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component
CVE-2017-5240
- May 03, 2017
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash.
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability
CVE-2017-5233
- March 02, 2017
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Rapid7 Appspider Pro or by Rapid7? Click the Watch button to subscribe.
