QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34118

Published: Jul 16, 2025

Modified: May 15, 2026

PUBLISHED

Description

A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as '/eng/', '/chs/', or '/cht/', where the 'js/lang_en_us.js' or equivalent files are loaded. By injecting encoded traversal sequences such as '%c0%ae%c0%ae' into the request path, attackers can bypass input validation and disclose sensitive files.

Vendor	Product	Versions
Linknat Technology	VOS Manager	affected `0 - <= VOS2009` affected `0 - <= VOS3000 2.1.9.06`

Weaknesses (CWE)

References

http://www.linknat.com/

product

https://web.archive.org/web/20151013001957/http://www.wooyun.org/bugs/wooyun-2010-0145458

third-party-advisory

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/linknat_vos_traversal.rb

exploit

https://www.vulncheck.com/advisories/linknat-vos-manager-path-traversal-file-disclosure

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.