CVE-2025-34118

Name of the Vulnerable Software and Affected Versions Linknat VOS Manager versions prior to 2.1.9.07 Linknat VOS2009 Linknat VOS3000 (early builds)

Description A path traversal issue exists in Linknat VOS Manager that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths, such as '/eng/', '/chs/', or '/cht/', where files like 'js/lang en us.js' or their equivalents are loaded. Attackers can bypass input validation and disclose sensitive files by injecting encoded traversal sequences, such as '%c0%ae%c0%ae', into the request path.

Recommendations Update Linknat VOS Manager to version 2.1.9.07 or later. Update Linknat VOS2009 to a newer version. Update Linknat VOS3000 to a newer build.