CVE 8.6 HIGH

Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction()_CVE-2025-34242

November 6, 2025 invoker category_cve
8.6 / 10
HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

AI Analysis

SQL injection vulnerability in AjaxNetworkController.ajaxAction() allowing disclosure of database information

Basic Information

ID CVE-2025-34242
Source VulnCheck
Published Nov 6, 2025 at 19:46
Modified Nov 6, 2025 at 20:08

Affected Product

Vendor Advantech
Product WebAccess/VPN
Affected Versions Advantech WebAccess/VPN 0

CWE Classification

CWE-89

AI Assessment

AI Score 8.6 / 10
AI Severity High
Vendor Advantech
Product WebAccess/VPN
Version < 1.1.5

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.