PT-2025-29140 · Riverbed · Riverbed Steelhead Vcx

Gregory Draperi · Published 2025-07-10 · Updated 2025-07-11 · CVE-2025-34098

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Riverbed SteelHead VCX version 9.6.0a
Description: A path traversal vulnerability exists due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.
Recommendations: Riverbed SteelHead VCX version 9.6.0a: Implement strict input validation for the filterStr parameter in the log filter endpoint to prevent the use of file expansion syntax.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2025-34098

Affected Products: Riverbed Steelhead Vcx