Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 17, 2025
Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction()
CVE-2025-34239
Description
Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdfmitrevendor-advisorypatch
- www.vulncheck.com/advisories/advantech-webaccess-vpn-command-injection-in-appmanagementcontrollermitrethird-party-advisory
- icr.advantech.com/download/softwaremitreproduct
News mentions
0No linked articles in our index yet.