CVE-2025-34118

HIGH

Linknat VOS Manager <2.1.9.07 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-34118. PoCs published by Nixawk, including Metasploit module auxiliary/scanner/http/linknat_vos_traversal.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in Linknat Vos Manager (vos2009/vos3000) by sending a crafted HTTP GET request with traversal sequences to read arbitrary files from the system. It identifies the target version and attempts to retrieve the specified file.

Description

A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as '/eng/', '/chs/', or '/cht/', where the 'js/lang_en_us.js' or equivalent files are loaded. By injecting encoded traversal sequences such as '%c0%ae%c0%ae' into the request path, attackers can bypass input validation and disclose sensitive files.

Exploits (1)

metasploit WORKING POC

by Nixawk · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/linknat_vos_traversal.rb

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in Linknat Vos Manager (vos2009/vos3000) by sending a crafted HTTP GET request with traversal sequences to read arbitrary files from the system. It identifies the target version and attempts to retrieve the specified file.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Linknat Vos Manager (vos2009/vos3000)

No auth needed

Prerequisites: Network access to the target system · Target running vulnerable Linknat Vos Manager

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources product

http://www.linknat.com/

Various Sources third-party-advisory

https://web.archive.org/web/20151013001957/http://www.wooyun.org/bugs/wooyun-2010-0145458

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/linknat_vos_traversal.rb

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/linknat-vos-manager-path-traversal-file-disclosure

Scores

CVSS v4 8.7

EPSS 0.7029

EPSS Percentile 98.7%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-20 CWE-22

Status published

Products (2)

Linknat Technology/VOS Manager < VOS2009

Linknat Technology/VOS Manager < VOS3000 2.1.9.06

Published Jul 16, 2025

Tracked Since Feb 18, 2026