Security Advisory

CVE-2025-34239

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-06 19:44:18

Last updated 2025-11-17 19:38:10

Assigner VulnCheck

State PUBLISHED

Description

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename.

← Browse all CVEs View on cve.org ↗