CVE-2025-34154

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path sanitization, attackers can supply relative paths to access arbitrary files on the host system — including sensitive OS-level files — without authentication.

CVSS

No CVSS.

References

Link	Resource
https://gist.github.com/Janrdrz/3cf67a9ad488e07ceaacd7c1a7e59ae7
https://synergetic-data.com/
https://unform.com/download/uf101_readme.txt
https://gist.github.com/Janrdrz/3cf67a9ad488e07ceaacd7c1a7e59ae7

Configurations

No configuration.

History

14 Aug 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://gist.github.com/Janrdrz/3cf67a9ad488e07ceaacd7c1a7e59ae7 -~~	() https://gist.github.com/Janrdrz/3cf67a9ad488e07ceaacd7c1a7e59ae7 -

14 Aug 2025, 13:11

Type	Values Removed	Values Added
Summary		(es) Las versiones de UnForm Server Manager anteriores a la 10.1.12 exponen una vulnerabilidad de lectura de archivos no autenticados a través de su interfaz de análisis de archivos de registro. La falla reside en el endpoint arc, que acepta un parámetro fl para especificar el archivo de registro que se abrirá. Debido a la insuficiente validación de entrada y a la falta de depuración de rutas, los atacantes pueden proporcionar rutas relativas para acceder a archivos arbitrarios en el sistema host, incluyendo archivos confidenciales del sistema operativo, sin autenticación.

13 Aug 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-13 21:15

Updated : 2025-08-14 15:15

NVD link : CVE-2025-34154

Mitre link : CVE-2025-34154

CVE.ORG link : CVE-2025-34154

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-34154", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-13T21:15:33.300", "references": [{"url": "https://gist.github.com/Janrdrz/3cf67a9ad488e07ceaacd7c1a7e59ae7", "source": "disclosure@vulncheck.com"}, {"url": "https://synergetic-data.com/", "source": "disclosure@vulncheck.com"}, {"url": "https://unform.com/download/uf101_readme.txt", "source": "disclosure@vulncheck.com"}, {"url": "https://gist.github.com/Janrdrz/3cf67a9ad488e07ceaacd7c1a7e59ae7", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path sanitization, attackers can supply relative paths to access arbitrary files on the host system \u2014 including sensitive OS-level files \u2014 without authentication."}, {"lang": "es", "value": "Las versiones de UnForm Server Manager anteriores a la 10.1.12 exponen una vulnerabilidad de lectura de archivos no autenticados a trav\u00e9s de su interfaz de an\u00e1lisis de archivos de registro. La falla reside en el endpoint arc, que acepta un par\u00e1metro fl para especificar el archivo de registro que se abrir\u00e1. Debido a la insuficiente validaci\u00f3n de entrada y a la falta de depuraci\u00f3n de rutas, los atacantes pueden proporcionar rutas relativas para acceder a archivos arbitrarios en el sistema host, incluyendo archivos confidenciales del sistema operativo, sin autenticaci\u00f3n."}], "lastModified": "2025-08-14T15:15:33.427", "sourceIdentifier": "disclosure@vulncheck.com"}