CVE-2025-34098
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-15
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| riverbed | steelhead_vcx | 9.6.0a |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal flaw in Riverbed SteelHead VCX appliances, specifically confirmed in version VCX255U 9.6.0a. It occurs because the log filtering functionality on the management web interface does not properly validate input. An authenticated attacker can send specially crafted filter expressions to the log_filter endpoint using the filterStr parameter. Due to the backend parser allowing file expansion syntax, the attacker can exploit this to access arbitrary system files through the log viewing interface.
How can this vulnerability impact me?
An attacker with valid credentials can exploit this vulnerability to read arbitrary system files on the affected appliance. This could lead to exposure of sensitive information stored on the device, potentially compromising system security and confidentiality.