CVE-2025-34047

Name of the Vulnerable Software and Affected Versions: Leadsec SSL VPN (formerly Lenovo NetGuard) (affected versions not specified)

Description: A path traversal issue exists, allowing unauthenticated attackers to read arbitrary files on the system via the ostype parameter in the "/vpn/user/download/client" endpoint. This flaw arises from insufficient input sanitation, enabling traversal sequences to escape the intended directory and access sensitive files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.