CVE-2025-34118

HIGH

Linknat VOS Manager <2.1.9.07 - Path Traversal

Title source: llm

Description

A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as '/eng/', '/chs/', or '/cht/', where the 'js/lang_en_us.js' or equivalent files are loaded. By injecting encoded traversal sequences such as '%c0%ae%c0%ae' into the request path, attackers can bypass input validation and disclose sensitive files.

Exploits (1)

metasploit WORKING POC

by Nixawk · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/linknat_vos_traversal.rb

View Code ZIP pw:eip

References (4)

[Various Sources] http://www.linknat.com/

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/linknat_vos_traversal.rb

[Various Sources] https://web.archive.org/web/20151013001957/http://www.wooyun.org/bugs/wooyun-2010-0145458

[Third Party Advisory] https://www.vulncheck.com/advisories/linknat-vos-manager-path-traversal-file-disclosure

Scores

CVSS v4 8.7

EPSS 0.4914

EPSS Percentile 97.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Details

CWE

CWE-20 CWE-22

Status published

Products (2)

Linknat Technology/VOS Manager < VOS2009

Linknat Technology/VOS Manager < VOS3000 2.1.9.06

Published Jul 16, 2025

Tracked Since Feb 18, 2026