CNNVD-202506-3335 Information

CNNVD ID

CNNVD-202506-3335

Related CVE

CVE-2025-34047

• CNNVD Published: 2025-06-26

Description (Chinese)

Leadsec SSL VPN是中国网御星云（Leadsec）公司的一款VPN。 Leadsec SSL VPN存在安全漏洞，该漏洞源于对文件/vpn/user/download/client中参数ostype的错误操作导致路径遍历攻击。

Description (English)

Leadsec SSL VPN is a VPN of the Chinese company Leadsec. There is a security loophole in the Leadsec SSL VPN, which stems from an error in the operation of the utype parameter in the document/vpn/user/download/client that resulted in a path attack.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

网御星云

Published

2025-06-26

Last Modified

2026-02-24

References

https://vulncheck.com/advisories/leadsec-vpn-path-traversal-file-read https://github.com/projectdiscovery/nuclei-templates/blob/main/ https://www.cnvd.org.cn/flaw/show/CNVD-2021-64035 https://www.leadsec.com.cn/ https://access.redhat.com/security/cve/cve-2025-34047

Patch

https://www.leadsec.com.cn/