CVE-2025-34154

CVSS

No CVSS.

U

nForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path sanitization, attackers can supply relative paths to access arbitrary files on the host system — including sensitive OS-level files — without authentication.

References

Link	Resource
https://gist.github.com/Janrdrz/3cf67a9ad488e07ceaacd7c1a7e59ae7
https://synergetic-data.com/
https://unform.com/download/uf101_readme.txt
https://www.vulncheck.com/advisories/unform-server-manager-unauthenticated-arbitrary-file-read
https://gist.github.com/Janrdrz/3cf67a9ad488e07ceaacd7c1a7e59ae7

Configurations

No configuration.

History

04 Nov 2025, 23:15

Type	Values Removed	Values Added
References		() https://www.vulncheck.com/advisories/unform-server-manager-unauthenticated-arbitrary-file-read -

14 Aug 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-13 21:15

Updated : 2025-11-04 23:15

NVD link : CVE-2025-34154

Mitre link : CVE-2025-34154

CVE.ORG link : CVE-2025-34154

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-34154", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-13T21:15:33.300", "references": [{"url": "https://gist.github.com/Janrdrz/3cf67a9ad488e07ceaacd7c1a7e59ae7", "source": "[email protected]"}, {"url": "https://synergetic-data.com/", "source": "[email protected]"}, {"url": "https://unform.com/download/uf101_readme.txt", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/unform-server-manager-unauthenticated-arbitrary-file-read", "source": "[email protected]"}, {"url": "https://gist.github.com/Janrdrz/3cf67a9ad488e07ceaacd7c1a7e59ae7", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path sanitization, attackers can supply relative paths to access arbitrary files on the host system \u2014 including sensitive OS-level files \u2014 without authentication."}, {"lang": "es", "value": "Las versiones de UnForm Server Manager anteriores a la 10.1.12 exponen una vulnerabilidad de lectura de archivos no autenticados a trav\u00e9s de su interfaz de an\u00e1lisis de archivos de registro. La falla reside en el endpoint arc, que acepta un par\u00e1metro fl para especificar el archivo de registro que se abrir\u00e1. Debido a la insuficiente validaci\u00f3n de entrada y a la falta de depuraci\u00f3n de rutas, los atacantes pueden proporcionar rutas relativas para acceder a archivos arbitrarios en el sistema host, incluyendo archivos confidenciales del sistema operativo, sin autenticaci\u00f3n."}], "lastModified": "2025-11-04T23:15:36.580", "sourceIdentifier": "[email protected]"}