CVE-2025-34239
06.11.2025, 20:15
Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability inAppManagementController.appUpgradeAction()that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename.
| Vendor | Product | Version |
|---|---|---|
| advantech | webaccess\/vpn | 𝑥 < 1.1.5 |
𝑥
= Vulnerable software versions