Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 17, 2025
Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction()
CVE-2025-34239
Description
Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename.
Affected products
2- Advantech/WebAccess/VPNv5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdfmitrevendor-advisorypatch
- www.vulncheck.com/advisories/advantech-webaccess-vpn-command-injection-in-appmanagementcontrollermitrethird-party-advisory
- icr.advantech.com/download/softwaremitreproduct
News mentions
0No linked articles in our index yet.