CVE-2014-125125

HIGH

A10 Networks AX Loadbalancer <2.7.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-125125. PoCs published by xistence, including Metasploit module auxiliary/scanner/http/a10networks_ax_directory_traversal.

AI-analyzed exploit summary

This writeup describes an unauthenticated directory traversal vulnerability in A10 Networks Loadbalancer (Soft)AX versions <=2.6.1-GR1-P5 and <=2.7.0 build 217. The vulnerability allows remote attackers to download arbitrary files from the device with root privileges by bypassing insufficient path validation.

Description

A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.

Exploits (2)

exploitdb WRITEUP
by xistence · text · webapps · hardware
https://www.exploit-db.com/exploits/31261

This writeup describes an unauthenticated directory traversal vulnerability in A10 Networks Loadbalancer (Soft)AX versions <=2.6.1-GR1-P5 and <=2.7.0 build 217. The vulnerability allows remote attackers to download arbitrary files from the device with root privileges by bypassing insufficient path validation.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: A10 Networks Loadbalancer (Soft)AX <=2.6.1-GR1-P5 & <=2.7.0 build 217
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC
by xistence · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/a10networks_ax_directory_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in A10 Networks AX Loadbalancer, allowing arbitrary file reads by manipulating the 'filename' parameter in a GET request. It also deletes the file after downloading, requiring explicit confirmation.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: A10 Networks AX Loadbalancer version 2.6.1-GR1-P5/2.7.0 or less
No auth needed
Prerequisites: Network access to the target device · CONFIRM_DELETE set to true
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 8.8
EPSS 0.0193
EPSS Percentile 77.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22 CWE-706
Status published
Products (2)
A10 Networks/AX Series Loadbalancer < 2.6.1-GR1-P5
A10 Networks/AX Series Loadbalancer < 2.7.0
Published Jul 31, 2025
Tracked Since Feb 18, 2026