CVE-2025-34047

by Fred · 26/06/2025

A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation, enabling traversal sequences to escape the intended directory and access sensitive files.

More information : https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cnvd/2021/CNVD-2021-64035.yaml

CVE-2025-34047

Similar

Recent Posts

Categories

CVE-2025-34047

Share this:

Similar

Recent Posts

Categories

Tags