Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-34098

A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.

Published

2025-07-10T20:15:25.413

Last Modified

2025-07-15T13:14:49.980

Status

Awaiting Analysis

Source

[email protected]

Severity

Weaknesses

Type: Secondary
CWE-200

Affected Vendors & Products

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/riverbed_steelhead_vcx_file_read.rb ([email protected])
https://vulncheck.com/advisories/riverbed-steel-head-vcx-authenticated-arbitrary-file-read ([email protected])
https://www.exploit-db.com/exploits/42101 ([email protected])