PT-2025-49277 · Advantech · Wise-Deviceon Server

Alex Williams · Published 2025-12-05 · Updated 2026-01-01

CVE-2025-34256 · CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: Advantech WISE-DeviceOn Server versions prior to 5.4

Description: The software uses a static HS512 HMAC secret, shared across all installations, to sign EIRMMToken JWTs. Because the secret is the same everywhere, a remote unauthenticated attacker can generate forged JWTs containing a valid email claim and impersonate any DeviceOn account, including the root super admin. Successful exploitation grants full administrative control of the DeviceOn instance and allows code execution on managed agents through the software’s remote management features. The API endpoint accepts these forged JWTs; the vulnerable parameter is the email claim within the JWT.

Recommendations: Update to version 5.4 or later. Restrict access to the software as a temporary mitigation.
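The weakness described above is a key-management defect rather than a flaw in HS512 itself: an HMAC-signed token is only as trustworthy as the secrecy of the key, and a key shared by every installation is effectively public. The following example is added here for illustration and is not code from the advisory, from Advantech, or from WISE-DeviceOn; it uses only the Python standard library and a constructed placeholder for the shared secret (the real value is not on this page and is not reproduced). It shows the corrected pattern a defender would want: a 512-bit secret generated per installation, a verifier that pins the algorithm and checks expiry, and a start-up check that refuses to run with the shipped default key. The last function demonstrates that a token minted under the shared key is rejected once the instance has its own secret.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed placeholder standing in for a vendor-wide secret shipped with
# every install. Hypothetical value; the advisory does not disclose the real one.
SHARED_DEFAULT_SECRET = b"PLACEHOLDER-static-secret-shared-by-all-installs"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url; restores the padding that was stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs512(claims: dict, secret: bytes) -> str:
    """Produce a compact JWS (header.payload.signature) using HMAC-SHA512."""
    header = {"alg": "HS512", "typ": "JWT"}
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(claims)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha512).digest()
    return f"{signing_input}.{b64url(sig)}"


def verify_hs512(token: str, secret: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is valid under `secret`, else None.

    The algorithm is pinned server-side: the 'alg' value inside the token is
    compared against HS512 and never used to select a verifier.
    """
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        if header.get("alg") != "HS512":
            return None
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha512).digest()
        # Constant-time comparison avoids leaking the signature byte by byte.
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None
        claims = json.loads(b64url_decode(p))
    except ValueError:  # covers malformed base64, bad JSON, wrong segment count
        return None
    current = time.time() if now is None else now
    if "exp" in claims and current >= claims["exp"]:
        return None
    return claims


def generate_install_secret() -> bytes:
    """Per-installation key: 64 random bytes matches the HS512 output size."""
    return secrets.token_bytes(64)


def secret_is_not_default(secret: bytes) -> bool:
    """Deployment check: refuse to start while the shipped default key is in use."""
    return not hmac.compare_digest(secret, SHARED_DEFAULT_SECRET)


def shared_key_token_is_rejected() -> bool:
    """Show that a token signed with the vendor-wide key fails on an instance
    that has rotated to its own secret, while the instance's own tokens pass."""
    install_secret = generate_install_secret()
    claims = {"email": "admin@example.invalid", "exp": int(time.time()) + 3600}
    minted_with_shared_key = sign_hs512(claims, SHARED_DEFAULT_SECRET)
    minted_by_instance = sign_hs512(claims, install_secret)
    rejected = verify_hs512(minted_with_shared_key, install_secret) is None
    accepted = verify_hs512(minted_by_instance, install_secret) == claims
    return rejected and accepted


if __name__ == "__main__":
    print("default key refused at start-up:", not secret_is_not_default(SHARED_DEFAULT_SECRET))
    print("shared-key token rejected after rotation:", shared_key_token_is_rejected())
```

Generating the key at install time (and storing it outside the shipped package) is what makes the `secret_is_not_default` check meaningful; the verifier alone cannot distinguish a forged token from a legitimate one while every instance shares the same key.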

Related Identifiers: CVE-2025-34256

Affected Products: Wise-Deviceon Server