CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-34238

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web user (www-data) can access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.7%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2025-34238

Advantech » Webaccess/vpn » Version: 1.0.1

cpe:2.3:a:advantech:webaccess/vpn:1.0.1
Advantech » Webaccess/vpn » Version: 1.1.0

cpe:2.3:a:advantech:webaccess/vpn:1.1.0
Advantech » Webaccess/vpn » Version: 1.1.1

cpe:2.3:a:advantech:webaccess/vpn:1.1.1
Advantech » Webaccess/vpn » Version: 1.1.2

cpe:2.3:a:advantech:webaccess/vpn:1.1.2
Advantech » Webaccess/vpn » Version: 1.1.3

cpe:2.3:a:advantech:webaccess/vpn:1.1.3
Advantech » Webaccess/vpn » Version: 1.1.4

cpe:2.3:a:advantech:webaccess/vpn:1.1.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-34238

Products

Pricing

Contact Us