CVE-2025-34047 Information

Description

A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter of the /vpn/user/download/client endpoint. The flaw arises from insufficient input sanitization, which lets traversal sequences escape the intended directory and reach sensitive files.
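For defenders reviewing web or reverse-proxy logs in front of an affected appliance, the following added example (not part of the advisory or of any vendor tooling) flags requests to the endpoint whose ostype value contains traversal sequences, including percent-encoded and double-encoded forms. It assumes common/combined log format; the log lines, IP addresses and the benign value `windows` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

ENDPOINT = "/vpn/user/download/client"   # endpoint named in the advisory
PARAM = "ostype"                         # parameter named in the advisory
# Assumption: access logs use common/combined log format.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3})')

# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Jun/2025:10:01:02 +0000] "GET /vpn/user/download/client?ostype=windows HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Jun/2025:10:02:10 +0000] "GET /vpn/user/download/client?ostype=../../../../etc/hostname HTTP/1.1" 200 12',
    '203.0.113.9 - - [26/Jun/2025:10:02:11 +0000] "GET /vpn/user/download/client?ostype=%252e%252e%252f%252e%252e%252fetc%252fhostname HTTP/1.1" 200 12',
    '192.0.2.44 - - [26/Jun/2025:10:03:00 +0000] "GET /index.html?ostype=../x HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value has a '..' path segment or is an absolute path."""
    norm = fully_decode(value).replace("\\", "/")
    return norm.startswith("/") or ".." in norm.split("/")

def find_traversal_requests(lines):
    """Return (source, HTTP status, raw ostype value) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if fully_decode(url.path).rstrip("/").lower() != ENDPOINT:
            continue
        for pair in url.query.split("&"):   # keep the raw, undecoded value for the report
            name, _, raw = pair.partition("=")
            if unquote(name).lower() == PARAM and is_traversal(raw):
                hits.append((m["src"], int(m["status"]), raw))
    return hits

if __name__ == "__main__":
    print(find_traversal_requests(SAMPLE_LOG))
```

A hit that was answered with status 200 deserves priority during triage, since the file contents may have been returned to the requester.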

Reference

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cnvd/2021/CNVD-2021-64035.yaml
https://vulncheck.com/advisories/leadsec-vpn-path-traversal-file-read
https://www.cnvd.org.cn/flaw/show/CNVD-2021-64035
https://www.leadsec.com.cn/

CNNVD-202506-3335 (Published: 2025-06-26)
