PT-2025-33096 · Unknown · Unform Server Manager
Jan Rodriguez · Published 2025-08-13 · Updated 2025-08-14
CVE-2025-34154
CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
UnForm Server Manager versions prior to 10.1.12
Description:
UnForm Server Manager versions prior to 10.1.12 contain an unauthenticated file read flaw in the log file analysis interface. The vulnerability is located in the `arc` endpoint, which accepts an `fl` parameter specifying the log file to open. Insufficient input validation and path sanitization allow attackers to use relative paths to access arbitrary files on the host system without authentication, potentially including sensitive OS-level files.
Recommendations:
Update UnForm Server Manager to version 10.1.12 or later.
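A log-review sketch for the flaw described above, added here as an example and not taken from the vendor or from this advisory: it flags requests to the `arc` endpoint whose `fl` value, once decoded, contains a parent-directory segment or an absolute path. The access-log format, the `/arc?fl=...` URL shape and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: the endpoint shows up as a path segment named "arc" and the
# log file name arrives in the query parameter "fl" (names from the advisory).
ENDPOINT_SEGMENT = "arc"
PARAM = "fl"

def fl_escapes_log_dir(value: str) -> bool:
    """True if an fl value points outside the log directory."""
    # Decode repeatedly so double-encoded sequences are also normalised.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    norm = value.replace("\\", "/")
    # NUL bytes, absolute POSIX paths and Windows drive paths are never log names.
    if "\x00" in norm or norm.startswith("/") or re.match(r"^[A-Za-z]:", norm):
        return True
    # A ".." path segment walks out of the directory; "a..b.log" does not.
    return ".." in norm.split("/")

def suspicious_requests(log_lines):
    """Yield (client, fl_value) for arc requests whose fl leaves the log dir."""
    req = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
    for line in log_lines:
        m = req.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if ENDPOINT_SEGMENT not in url.path.strip("/").split("/"):
            continue
        # parse_qs already removes one layer of percent-encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if fl_escapes_log_dir(raw):
                yield client, raw

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Aug/2025:10:00:01 +0000] "GET /arc?fl=server.log HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Aug/2025:10:00:05 +0000] "GET /arc?fl=../../outside.txt HTTP/1.1" 200 12',
    '198.51.100.7 - - [14/Aug/2025:10:00:06 +0000] "GET /arc?fl=%252e%252e%5Cconf%5Capp.ini HTTP/1.1" 200 80',
    '203.0.113.4 - - [14/Aug/2025:10:00:09 +0000] "GET /status?fl=../x HTTP/1.1" 404 0',
]
```

Because the flaw needs no authentication, any hit with a 200 response from a pre-10.1.12 server warrants treating the requested file as disclosed.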
Exploit
Fix
Path traversal
Affected Products
Unform Server Manager