Path Traversal Vulnerability in Riverbed SteelHead VCX Appliances
CVE-2025-34098
Key Information:
- Vendor: Riverbed Technology
- Status
- Vendor
- CVE Published: 10 July 2025
What is CVE-2025-34098?
A path traversal vulnerability has been identified in Riverbed SteelHead VCX appliances, specifically in version 9.6.0a. This issue arises from insufficient input validation in the log filtering functionality accessible through the management web interface. An authenticated attacker can exploit this vulnerability by submitting specially crafted filter expressions to the log_filter endpoint using the filterStr parameter. The backend parser processes this input in a manner that allows execution of file expansion syntax, enabling the potential retrieval of arbitrary system files through the log viewing interface.

Affected Version(s)
SteelHead VCX 9.6.0a
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
EPSS Score
41% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
