CVE-2025-34245

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability inAjaxStandaloneVpnClientsController.ajaxAction()that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.