CVE-2025-34047

Vulnerability Description

A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitization, enabling traversal sequences to escape the intended directory and access sensitive files. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
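
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web access log lines for requests to /vpn/user/download/client whose ostype value contains traversal sequences, including nested percent-encoding. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/vpn/user/download/client"  # endpoint named in the advisory
PARAM = "ostype"                        # parameter named in the advisory
REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r"(^|[/\\])\.\.([/\\]|$)")

# Constructed sample lines (assumed combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:01 +0000] "GET /vpn/user/download/client?ostype=windows HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:00:02 +0000] "GET /vpn/user/download/client?ostype=../../../../etc/hosts HTTP/1.1" 200 211',
    '198.51.100.7 - - [01/Jan/2025:10:00:03 +0000] "GET /vpn/user/download/client?ostype=%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 200 211',
    '192.0.2.10 - - [01/Jan/2025:10:00:04 +0000] "GET /vpn/login?next=../home HTTP/1.1" 200 900',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so an encoded sequence is seen as '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_ostype(line):
    """Return the decoded ostype value if the request should be flagged, else None."""
    m = REQ.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if unquote(url.path).rstrip("/") != ENDPOINT:
        return None  # other endpoints are out of scope for this check
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)  # parse_qs has already decoded one layer
        if TRAVERSAL.search(value) or value.startswith(("/", "\\")) or "\x00" in value:
            return value
    return None

def flagged(lines):
    """Return (client_ip, decoded_ostype) for every flagged request."""
    return [(line.split()[0], v) for line in lines if (v := suspicious_ostype(line))]

if __name__ == "__main__":
    for ip, value in flagged(SAMPLE_LOG):
        print(f"possible CVE-2025-34047 probe from {ip}: ostype={value!r}")
```

A flagged request that returned HTTP 200 with a non-trivial response size warrants checking which file was served.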

Related Weaknesses (CWE)

References

FAQ

What is CVE-2025-34047?

CVE-2025-34047 is a documented vulnerability. A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in...

How severe is CVE-2025-34047?

CVSS scoring is not yet available for CVE-2025-34047. Check NVD for updates.

Is there a patch for CVE-2025-34047?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.