Advantech Webaccess/vpn — known CVE vulnerabilities
Every CVE whose affected-product data names Advantech Webaccess/vpn, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2025-34239 — CVSS 7.2 (high): Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction()…
CVE-2025-34238 — CVSS 6.5 (medium): Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWa…
CVE-2025-34247 — CVSS 6.5 (medium): Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows…
CVE-2025-34245 — CVSS 6.5 (medium): Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction()…
CVE-2025-34246 — CVSS 6.5 (medium): Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that…
CVE-2025-34240 — CVSS 6.5 (medium): Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that…
CVE-2025-34241 — CVSS 6.5 (medium): Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that…
CVE-2025-34242 — CVSS 6.5 (medium): Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an…
CVE-2025-34243 — CVSS 6.5 (medium): Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction()…
CVE-2025-34244 — CVSS 6.5 (medium): Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction()…
CVE-2025-34237 — CVSS 5.4 (medium): Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController…
CVE-2025-34236 — CVSS 5.4 (medium): Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkA…