High severityNVD Advisory· Published Jul 16, 2025· Updated Apr 15, 2026

CVE-2025-34118

Description

A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as '/eng/', '/chs/', or '/cht/', where the 'js/lang_en_us.js' or equivalent files are loaded. By injecting encoded traversal sequences such as '%c0%ae%c0%ae' into the request path, attackers can bypass input validation and disclose sensitive files.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.linknat.comnvd
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/linknat_vos_traversal.rbnvd
web.archive.org/web/20151013001957/http://www.wooyun.org/bugs/wooyun-2010-0145458nvd
www.vulncheck.com/advisories/linknat-vos-manager-path-traversal-file-disclosurenvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.054
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000