CVE-2025-34118
Published 2025-07-16
Priority: P266 | Severity: high | CVSS 4.0: 8.7
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics all X, not defined)
EXPLOIT
EPSS: 1.43% (69.7th percentile)
A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as '/eng/', '/chs/', or '/cht/', where the 'js/lang_en_us.js' or equivalent files are loaded. By injecting encoded traversal sequences such as '%c0%ae%c0%ae' into the request path, attackers can bypass input validation and disclose sensitive files.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linknat_technology | vos_manager | <= VOS2009 | — |
Detection & IOCs (extracted from sources)
bytes: %c0%ae%c0%ae
- Detect unauthenticated HTTP requests containing the overlong UTF-8 encoded traversal sequence '%c0%ae%c0%ae' in the URL path targeting Linknat VOS Manager endpoints under /eng/, /chs/, or /cht/.
- Monitor for HTTP requests to /eng/, /chs/, or /cht/ subpaths on Linknat VOS Manager that include percent-encoded dot sequences (%c0%ae); these are overlong UTF-8 encodings of '.' used to traverse directories.
- The Metasploit auxiliary module 'auxiliary/scanner/http/linknat_vos_traversal' can be used to confirm presence of the vulnerability in VOS2009/VOS3000 deployments.
- The vulnerability affects Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds. Patch to 2.1.9.07 or later to remediate.
- The vulnerability is exploitable by unauthenticated remote attackers, meaning no credentials are required, so perimeter controls and WAF rules blocking overlong UTF-8 traversal sequences are critical mitigations.
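The log check described in the first two bullets, as an added example (not code from the advisory, the vendor or any referenced source). It generalizes from '%c0%ae' to any overlong two-byte sequence (lead byte C0 or C1) and peels nested percent-encoding; the access-log format, client addresses and file name are constructed assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Localized subpaths named in the advisory text.
LOCALE_PREFIXES = ("/eng/", "/chs/", "/cht/")
# 0xC0 and 0xC1 are never valid UTF-8 lead bytes; followed by a continuation
# byte they form an overlong 2-byte encoding of an ASCII character.
OVERLONG_2BYTE = re.compile(rb"[\xc0\xc1][\x80-\xbf]")
# Assumed log layout: common/combined format with a quoted request line.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def decode_overlong(raw):
    """Return the bytes a lenient decoder would produce (C0 AE -> '.')."""
    return OVERLONG_2BYTE.sub(
        lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), raw)

def inspect_target(target):
    """Return a finding dict if the request path carries overlong bytes."""
    raw = target.split("?", 1)[0]
    for _ in range(3):  # peel nested percent-encoding such as %25c0%25ae
        raw = unquote_to_bytes(raw)
    if not OVERLONG_2BYTE.search(raw):
        return None
    normalized = decode_overlong(raw).decode("latin-1")
    return {
        "normalized": normalized,
        "locale_path": normalized.lower().startswith(LOCALE_PREFIXES),
        "traversal": "../" in normalized or "..\\" in normalized,
    }

def scan(log_lines):
    """Return (line_no, client, finding) for every flagged log line."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        finding = inspect_target(m["target"]) if m else None
        if finding:
            hits.append((line_no, line.split()[0], finding))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder file name).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jul/2025:10:00:01 +0000] "GET /eng/js/lang_en_us.js HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Jul/2025:10:00:02 +0000] "GET /chs/%c0%ae%c0%ae/%c0%ae%c0%ae/constructed-file HTTP/1.1" 200 812',
    '203.0.113.9 - - [16/Jul/2025:10:00:03 +0000] "GET /cht/%25C0%25AE%25C0%25AE/constructed-file HTTP/1.1" 404 0',
    '198.51.100.4 - - [16/Jul/2025:10:00:04 +0000] "GET /eng/caf%C3%A9.html HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Valid multi-byte UTF-8 such as the `%C3%A9` in the last sample line is not flagged, because only the never-valid lead bytes C0 and C1 are matched.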
- http://www.linknat.com/
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/linknat_vos_traversal.rb
- https://web.archive.org/web/20151013001957/http://www.wooyun.org/bugs/wooyun-2010-0145458
- https://www.vulncheck.com/advisories/linknat-vos-manager-path-traversal-file-disclosure