Stored Cross-Site Scripting Vulnerability in Advantech WebAccess/VPN
CVE-2025-34236

6.2MEDIUM

Key Information:

Vendor

Advantech
Status
Webaccess/vpn
Vendor
CVE Published:
6 November 2025

What is CVE-2025-34236?

Advantech WebAccess/VPN versions prior to 1.1.5 present a stored cross-site scripting vulnerability due to inadequate validation and escaping of user-supplied input. An attacker could exploit this flaw by injecting malicious scripts. Once executed, these scripts can compromise the security of the victim's browser session, leading to unauthorized access and data manipulation. Users are advised to apply the latest patch to protect their systems from potential exploitation.

Affected Version(s)

WebAccess/VPN 0 < 1.1.5

References

https://icr.advantech.com/support/router-models/download/...
vendor-advisorypatch
https://www.vulncheck.com/advisories/advantech-webaccess-...
third-party-advisory
https://icr.advantech.com/download/software
product

CVSS V4

Score:
6.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Alex Williams from Pellera Technologies
JSON
.
CVE-2025-34236 : Stored Cross-Site Scripting Vulnerability in Advantech WebAccess/VPN