CVE-2025-34098

HIGH

Riverbed SteelHead VCX <9.6.0a - Path Traversal

Title source: llm

Description

A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.

Exploits (2)

exploitdb WORKING POC

by Gregory Draperi · pythonwebappslinux

https://www.exploit-db.com/exploits/42101

View Code ZIP pw:eip

metasploit WORKING POC

by Gregory DRAPERI <gregory.draper_at_gmail.com>, h00die · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/riverbed_steelhead_vcx_file_read.rb

View Code ZIP pw:eip

References (3)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/riverbed_steelhead_vcx_file_read.rb

[Third Party Advisory] https://vulncheck.com/advisories/riverbed-steel-head-vcx-authenticated-arbitrary-file-read

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42101

Scores

CVSS v4 7.1

EPSS 0.4559

EPSS Percentile 97.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Details

CWE

CWE-200

Status published

Products (3)

Riverbed Technology/SteelHead VCX 9.6.0a

Riverbed Technology/SteelHead VCX 9.6.1 - 9.7.*

Riverbed Technology/SteelHead VCX 9.6.1 - 9.7.x

Published Jul 10, 2025

Tracked Since Feb 18, 2026